Details
-
Bug
-
Resolution: Timed out
-
Medium
-
5
-
Severity 2 - Major
-
Description
Issue Summary
Jira Server/DC's Internal Directory (ID: 1) is granted all 12 embedded Crowd OperationType values by default. Specifically:
- CREATE_USER
- CREATE_GROUP
- CREATE_ROLE
- UPDATE_USER
- UPDATE_GROUP
- UPDATE_ROLE
- UPDATE_USER_ATTRIBUTE
- UPDATE_GROUP_ATTRIBUTE
- UPDATE_ROLE_ATTRIBUTE
- DELETE_USER
- DELETE_GROUP
- DELETE_ROLE
However, the entities.xml included in the back up for server export in Jira Cloud is missing these operations. The consequence is administrators can't edit users or groups after restoring from a Cloud backup.
This bug is documented on JRASERVER-72589 and JSWSERVER-21471. However, this bug must be fixed on Jira Cloud.
Steps to Reproduce
Create an XML backup of a cloud tenant via ⚙️ (gear icon) > System > Backup manager > Back up for server.
Expected Results
The export entities.xml file contains:
<Directory id="1" directoryName="Jira Internal Directory" lowerDirectoryName="jira internal directory" createdDate="2013-02-28 11:57:51.308" updatedDate="2013-02-28 11:57:51.308" active="1" description="Jira default internal directory" implementationClass="com.atlassian.crowd.directory.InternalDirectory" lowerImplementationClass="com.atlassian.crowd.directory.internaldirectory" type="INTERNAL" position="0"/> <DirectoryAttribute directoryId="1" name="user_encryption_method" value="plaintext"/> <DirectoryOperation directoryId="1" operationType="CREATE_GROUP"/> <DirectoryOperation directoryId="1" operationType="CREATE_ROLE"/> <DirectoryOperation directoryId="1" operationType="CREATE_USER"/> <DirectoryOperation directoryId="1" operationType="DELETE_GROUP"/> <DirectoryOperation directoryId="1" operationType="DELETE_ROLE"/> <DirectoryOperation directoryId="1" operationType="DELETE_USER"/> <DirectoryOperation directoryId="1" operationType="UPDATE_GROUP"/> <DirectoryOperation directoryId="1" operationType="UPDATE_GROUP_ATTRIBUTE"/> <DirectoryOperation directoryId="1" operationType="UPDATE_ROLE"/> <DirectoryOperation directoryId="1" operationType="UPDATE_ROLE_ATTRIBUTE"/> <DirectoryOperation directoryId="1" operationType="UPDATE_USER"/> <DirectoryOperation directoryId="1" operationType="UPDATE_USER_ATTRIBUTE"/>
Actual Results
The export entities.xml file only contains:
<Directory id="1" directoryName="JIRA Internal Directory" lowerDirectoryName="jira internal directory" createdDate="2023-04-11 22:40:42.71685" updatedDate="2023-04-11 22:40:42.71685" active="1" description="JIRA default internal directory" implementationClass="com.atlassian.crowd.directory.InternalDirectory" lowerImplementationClass="com.atlassian.crowd.directory.internaldirectory" type="INTERNAL" position="0"/> <DirectoryAttribute directoryId="1" name="user_encryption_method" value="atlassian-security"/>
Workaround
Follow the steps on the Cannot edit group memberships, as external user management is enabled, please contact your Jira administrators knowledge base article.
Attachments
Issue Links
- causes
-
JSWSERVER-21471 Jira Internal Directory users without permissions due to missing operations
- Closed
-
JRASERVER-72589 Jira cloud backup when restored results in the user directory operations removed
- Gathering Impact
- depended on by
-
JRACLOUD-80985 "Back up for server" sysadmin user doesn't have application or admin access
- Gathering Impact
- is related to
-
JRACLOUD-67056 JIRA backups are missing user encryption method values
- Closed