Problem

Fisheye/Crucible uses an external directory, in which a user is being automatically added to a certain group upon successful login. That group is used to grant 'Fisheye' and/or 'Crucible' access (Administration > Global permissions). User is unable to log in.

Steps to reproduce

• Set up Crowd as follows
  • Add Fisheye/Crucible application
  • Add 'Crowd internal' directory
    • Add 'fisheye-crucible-users' group
    • Add 'user1' user, do not assign to the group above
  • On the 'Options' tab pick the 'fisheye-crucible-users' group to be automatically added to

• Set up Fisheye/Crucible as follows
  • Add 'Atlassian Crowd' directory
  • On the 'Groups' page remove 'fisheye-users' and 'crucible-users' groups; you shall see the 'fisheye-crucible-users' listed
  • On the 'Global Permissions' page grant 'fisheye-crucible-users' group the 'Fisheye & Crucible access'
  • On the 'Users' page you shall see 'user1'; it has no group assigned and the 'no access' red label

• Log out and log in as 'user1'
  • Login fails

• Log in as administrator
  • On the 'Users' page you shall see that 'user1' is now a member of 'fisheye-crucible-users' group,
  • but the label still shows 'no access'

Cause

A global permission cache is not refreshed after user is automatically added to a group in an external directory and that group grants Fisheye and/or Crucible global permissions.

Workaround

The global permission cache expires after 24 hours unless some action triggers invalidation.

Trigger invalidation of the global permission cache by one of the following:

• add a new user in Fisheye/Crucible (you can use an 'internal directory' if available)
• change any user's group membership
• restart Fisheye / Crucible