Created recently

Order by Created
  1. Bug
    CONFSERVER-100309Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance.
  2. Bug
    CONFSERVER-100308Publishing a page created from a plugin blueprint fails depending on the size of the template
  3. Bug
    CONFSERVER-100298Reminders are deleted from all Custom Event Types, when a single Custom Event Type is deleted.
  4. Bug
    CONFSERVER-100297The Labelled Content page for a label tied to attachments are not rendered after a cache flush/system restart
  5. Bug
    CONFSERVER-100296Pages with "Spaces List" macro cannot be loaded on mobile browsers
  6. Bug
    CONFSERVER-100281Space HTML Export renders page links in Children Display Macro as Full URL when Faster Permission is enabled
  7. Bug
    CONFSERVER-100280Synchronization Fails in Confluence 9.2 when using a Clustered LDAP
  8. Suggestion
    CONFSERVER-100261Improve Excel/Word/PDF previews within Macros
  9. Suggestion
    CONFSERVER-100260[Confluence Cloud] More flexible Smart Link display options in Confluence (Jira links without title)
  10. Suggestion
    CONFSERVER-100257Page Copy should provide option to exclude unused attachments
  11. Bug
    CONFSERVER-100256Legacy Jira Project Key breaks Advanced Roadmap Macro
  12. Bug
    CONFSERVER-100255Popular Labels macro resulted in 500 Internal Server Error on REST API request for Page Body
  13. Suggestion
    CONFSERVER-100230Page Attachments Feature Improvement Request
  14. Bug
    CONFSERVER-100229Analytics Direct‑URL Bypass Ignores Global Analytics Permissions in Confluence Data Center
  15. Bug
    CONFSERVER-100228Users are unable to be granted system administrator privileges via a nested group or AD group
  16. Bug
    CONFSERVER-100225Cannot search for attachment content on Confluence 9.2 branch
  17. Bug
    CONFSERVER-100201Slow scrolling on a page with tables causes repositioning on the last row in Webkit browsers (Chrome/Chromium)
Refresh results
1 of 17
Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-100309

Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance.

      Summary

      Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance (scenario described on CONFSERVER-81515 and Deleted Groups shown as "Group not found" in Global Permissions and Space Permissions.

      Version info

      • Confluence 9.2.6 LTS

      Description

      Issue Summary

      Users can't authenticate if there is any deleted group with administrative rights at Global Permissions.

      Steps to Reproduce

      1. Deploy a Confluence 9.2.6.
      2. Configure SSO/SAML integration in Confluence (optional).
      3. Configure an external directory in Confluence and synchronize groups.
      4. Add such groups to Confluence's Global Permission and grant them admin permissions.
      5. Remove the external directory from Confluence.
      6. Reindex the instance and confirm that these groups will still be listed in the Global Permission menu with a Not found message below them.
      7. Try to authenticate with a user that is not a member of the confluence-administrator group.

      Expected Results

      Users not in an administrative group should be able to authenticate.

      Actual Results

      Users not in an administrative group are unable to authenticate. During user authorization, the following errors show up in the log files.

      2025-07-15 14:33:56,816 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
...
2025-07-15 14:33:56,817 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n  ->[com.atlassian.confluence.security.DefaultPermissionManager.isSystemAdministrator]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly (Session #428955982) -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60de
2025-07-15 14:33:56,819 ERROR [http-nio-8090-exec-3] [[Standalone].[localhost].[/].[default]] log Servlet.service() for servlet [default] in context with path [] threw exception
2025-07-15 14:33:56,844 INFO [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] writeToLog \nRequest Unique ID : f47a9370-66fc-466c-b576-174f7fd899db\n--------------------------\nJVM Stats\n--------------------------\nxmx = 1073741824\nusedNonHeap = 553765912\navailableHeap = 191931960\navailableNonHeap = -1\nallocatedHeap = 1073741824\nfreeAllocatedHeap = 191931960\nmaxNonHeap = -1\navailablePermGen = 0\nmaxPermGen = -1\nmaxHeap = 1073741824\nusedHeap = 881809864\nusedPermGen = -1\nxms = 1073741824\n--------------------------\nRequest Information\n--------------------------\nURL: https://example.org/500page.jsp\nScheme: https\nServer: example.org\nPort: 443\nURI: /500page.jsp\nContext Path: \nServlet Path: /500page.jsp\nPath Info: null\nQuery String: _=1752604434491\n--------------------------\nAttributes\n--------------------------\njavax.servlet.forward.request_uri: /synchrony/heartbeat\njavax.servlet.forward.context_path: \njavax.servlet.forward.servlet_path: /synchrony/heartbeat\njavax.servlet.forward.query_string: _=1752604434491\njavax.servlet.forward.mapping: org.apache.catalina.core.ApplicationMapping$MappingImpl@5f718c27\norg.apache.catalina.AccessLog.RemoteAddr: 10.120.10.1\n__prepare_recursion_counter: 1\njavax.servlet.error.status_code: 500\nstruts.actionMapping: noActionMapping\nbrave.SpanCustomizer: SpanCustomizer(RealSpan(b7fcde203d7c60de/b7fcde203d7c60de))\norg.apache.struts2.dispatcher.filter.StrutsPrepareFilter.REQUEST_EXCLUDED_FROM_ACTION_MAPPING: false\ncom.opensymphony.sitemesh.APPLIED_ONCE: true\n__wrap_recursion_counter: 1\ncom.atlassian.confluence.web.filter.validateparam.RequestParamValidationFilter_already_filtered: true\natlassian.core.seraph.original.url: /500page.jsp?_=1752604434491\norg.apache.catalina.AccessLog.Protocol: HTTP/1.0\ncom.atlassian.gzipfilter.GzipFilter_already_filtered: true\n3af_annotated_permitted_checker: com.atlassian.confluence.impl.security.access.NoCheckAnnotatedPermitChecker@7927cfb2\ncom.atlassian.seraph.auth.LoginReason: OK\nsitemesh.secondaryStorageLimit: -1\norg.apache.catalina.AccessLog.ServerPort: 443\njavax.servlet.error.message: \njavax.servlet.error.servlet_name: default\norg.apache.tomcat.request.forwarded: true\nbrave.propagation.TraceContext: b7fcde203d7c60de/b7fcde203d7c60de\nbrave.servlet.TracingFilter$SendHandled: true\norg.apache.tomcat.remoteAddr: 10.120.10.1\nconfluence.secure.access.original.url: /synchrony/heartbeat?_=1752604434491\norg.apache.catalina.AccessLog.ServerName: example.org\nB3-TraceId: 3be2ae44984994\nloginfilter.already.filtered: true\njavax.servlet.error.request_uri: /synchrony/heartbeat\ncom.atlassian.core.filters.HeaderSanitisingFilter_already_filtered: true\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFixupFilter: true\norg.apache.catalina.AccessLog.RemoteHost: 10.120.10.1\njavax.servlet.error.exception: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nos_securityfilter_already_filtered: true\ncom.atlassian.confluence.impl.sitemesh.DecoratorTimings: com.atlassian.confluence.impl.sitemesh.DecoratorTimings@57ad0745\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter: true\n--------------------------\nParameters\n--------------------------\n_ : 1752604434491\ncaused by: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nat org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:938)\n | traceId: b7fcde203d7c60de
2025-07-15 14:33:56,845 ERROR [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] logException Unhandled exception, request unique ID: f47a9370-66fc-466c-b576-174f7fd899db -- traceId: b7fcde203d7c60deorg.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only...
2025-07-15 14:33:56,856 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
...
2025-07-15 14:33:56,878 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
...
2025-07-15 14:33:56,880 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
...
2025-07-15 14:33:56,883 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
...
2025-07-15 14:33:56,900 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
...
2025-07-15 14:33:56,903 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
...
2025-07-15 14:33:56,907 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
...
2025-07-15 14:33:56,913 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
...
2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n  ->[null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #436763889) -- traceId: b7fcde203d7c60de
2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.sitemesh.ConfluenceSitemeshDecorator] render TransactionException prevented transaction from committing whilst rendering the decorator, the cause is likely a previously logged exception: Transaction rolled back because it has been marked as rollback-only\nCause:  -- traceId: b7fcde203d7c60de

      That's associated with the following situation on Global Permissions:

      Workaround

      Workaround 1: Remove all admin permissions for all 'not found' groups.

      Workaround 2: Use the web UI to remove the 'not found' group records from the Global Permissions menu.

      Workaround 3: Delete the faulty groups from the database:

      1. Stop your instance.
      2. Make a full database backup,
      3. On the database, run the following query to get the records for the deleted group: 
        SELECTFROM spacepermissions 
WHERE permgroupname not in (Select group_name from cwd_group);
      4. Delete these records after verification: 
        DELETE
FROM spacepermissions
WHERE permgroupname not in (Select group_name from cwd_group);
      5. Start your instance and check if the users can authenticate.

        1. image-2025-07-17-17-04-17-703.png
          image-2025-07-17-17-04-17-703.png
          59 kB

            Robert Louie made changes -
            Description Original: h2. Summary

            Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance (scenario described on [CONFSERVER-81515|https://jira.atlassian.com/browse/CONFSERVER-81515] and [Deleted Groups shown as "Group not found" in Global Permissions and Space Permissions.|https://support.atlassian.com/confluence/kb/deleted-groups-shown-as-group-not-found-in-global-permissions-and-space-permissions/]
            h2. Version info
             * Confluence 9.2.6 LTS

            h2. Description
            h3. Issue Summary

            Users can't authenticate if there is any deleted group with administrative rights at Global Permissions.
            h3. Steps to Reproduce
             # {color:#172b4d}Deploy a Confluence 9.2.6.{color}
             # {color:#172b4d}Configure SSO/SAML integration in Confluence (optional).{color}
             # {color:#172b4d}Configure an external directory in Confluence and synchronize groups.{color}
             # {color:#172b4d}Add such groups to Confluence's Global Permission and grant them admin permissions.{color}
             # {color:#172b4d}Remove the external directory from Confluence.{color}
             # {color:#172b4d}Reindex the instance and confirm that these groups will still be listed in the Global Permission menu with a _Not found_ message below them.{color}
             # {color:#172b4d}Try to authenticate with a user that is not a member of the _confluence-administrator_ group.{color}

            h3. Expected Results

            Users not in an administrative group should be able to authenticate.
            h3. Actual Results

            Users not in an administrative group are unable to authenticate. During user authorization, the following errors show up in the log files.
            {code:java}
            2025-07-15 14:33:56,816 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,817 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[com.atlassian.confluence.security.DefaultPermissionManager.isSystemAdministrator]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly (Session #428955982) -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,819 ERROR [http-nio-8090-exec-3] [[Standalone].[localhost].[/].[default]] log Servlet.service() for servlet [default] in context with path [] threw exception
            2025-07-15 14:33:56,844 INFO [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] writeToLog \nRequest Unique ID : f47a9370-66fc-466c-b576-174f7fd899db\n--------------------------\nJVM Stats\n--------------------------\nxmx = 1073741824\nusedNonHeap = 553765912\navailableHeap = 191931960\navailableNonHeap = -1\nallocatedHeap = 1073741824\nfreeAllocatedHeap = 191931960\nmaxNonHeap = -1\navailablePermGen = 0\nmaxPermGen = -1\nmaxHeap = 1073741824\nusedHeap = 881809864\nusedPermGen = -1\nxms = 1073741824\n--------------------------\nRequest Information\n--------------------------\nURL: https://example.org/500page.jsp\nScheme: https\nServer: example.org\nPort: 443\nURI: /500page.jsp\nContext Path: \nServlet Path: /500page.jsp\nPath Info: null\nQuery String: _=1752604434491\n--------------------------\nAttributes\n--------------------------\njavax.servlet.forward.request_uri: /synchrony/heartbeat\njavax.servlet.forward.context_path: \njavax.servlet.forward.servlet_path: /synchrony/heartbeat\njavax.servlet.forward.query_string: _=1752604434491\njavax.servlet.forward.mapping: org.apache.catalina.core.ApplicationMapping$MappingImpl@5f718c27\norg.apache.catalina.AccessLog.RemoteAddr: 10.120.10.1\n__prepare_recursion_counter: 1\njavax.servlet.error.status_code: 500\nstruts.actionMapping: noActionMapping\nbrave.SpanCustomizer: SpanCustomizer(RealSpan(b7fcde203d7c60de/b7fcde203d7c60de))\norg.apache.struts2.dispatcher.filter.StrutsPrepareFilter.REQUEST_EXCLUDED_FROM_ACTION_MAPPING: false\ncom.opensymphony.sitemesh.APPLIED_ONCE: true\n__wrap_recursion_counter: 1\ncom.atlassian.confluence.web.filter.validateparam.RequestParamValidationFilter_already_filtered: true\natlassian.core.seraph.original.url: /500page.jsp?_=1752604434491\norg.apache.catalina.AccessLog.Protocol: HTTP/1.0\ncom.atlassian.gzipfilter.GzipFilter_already_filtered: true\n3af_annotated_permitted_checker: com.atlassian.confluence.impl.security.access.NoCheckAnnotatedPermitChecker@7927cfb2\ncom.atlassian.seraph.auth.LoginReason: OK\nsitemesh.secondaryStorageLimit: -1\norg.apache.catalina.AccessLog.ServerPort: 443\njavax.servlet.error.message: \njavax.servlet.error.servlet_name: default\norg.apache.tomcat.request.forwarded: true\nbrave.propagation.TraceContext: b7fcde203d7c60de/b7fcde203d7c60de\nbrave.servlet.TracingFilter$SendHandled: true\norg.apache.tomcat.remoteAddr: 10.120.10.1\nconfluence.secure.access.original.url: /synchrony/heartbeat?_=1752604434491\norg.apache.catalina.AccessLog.ServerName: example.org\nB3-TraceId: 3be2ae44984994\nloginfilter.already.filtered: true\njavax.servlet.error.request_uri: /synchrony/heartbeat\ncom.atlassian.core.filters.HeaderSanitisingFilter_already_filtered: true\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFixupFilter: true\norg.apache.catalina.AccessLog.RemoteHost: 10.120.10.1\njavax.servlet.error.exception: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nos_securityfilter_already_filtered: true\ncom.atlassian.confluence.impl.sitemesh.DecoratorTimings: com.atlassian.confluence.impl.sitemesh.DecoratorTimings@57ad0745\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter: true\n--------------------------\nParameters\n--------------------------\n_ : 1752604434491\ncaused by: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nat org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:938)\n | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,845 ERROR [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] logException Unhandled exception, request unique ID: f47a9370-66fc-466c-b576-174f7fd899db -- traceId: b7fcde203d7c60deorg.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only...
            2025-07-15 14:33:56,856 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,878 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,880 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,883 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,900 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,903 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,907 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,913 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #436763889) -- traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.sitemesh.ConfluenceSitemeshDecorator] render TransactionException prevented transaction from committing whilst rendering the decorator, the cause is likely a previously logged exception: Transaction rolled back because it has been marked as rollback-only\nCause: -- traceId: b7fcde203d7c60de {code}
            That's associated with the following situation on Global Permissions:

            !image-2025-07-17-17-04-17-703.png|width=988,height=274!
            h3. Workaround

            *Workaround 1:* Remove all admin permissions for all 'not found' groups.

            *Workaround 2:* Use the web UI to remove the 'not found' group records from the Global Permissions menu.

            *Workaround 3:* Delete the faulty groups from the database:
             # Stop your instance.
             # Make a full database backup,
             # On the database, run the following query to get the records for the deleted group:
            {code:sql}
            SELECT * 
            FROM spacepermissions 
            WHERE permgroupname not in (Select group_name from cwd_group); {code}

             # Delete these records after verification:
            {code:sql}
            DELETE
            FROM spacepermissions
            WHERE permgroupname not in (Select group_name from cwd_group);{code}

             # Start your instance and check if the users can authenticate.             		New: h2. Summary

            Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance (scenario described on [CONFSERVER-81515|https://jira.atlassian.com/browse/CONFSERVER-81515] and [Deleted Groups shown as "Group not found" in Global Permissions and Space Permissions.|https://support.atlassian.com/confluence/kb/deleted-groups-shown-as-group-not-found-in-global-permissions-and-space-permissions/]
            h2. Version info
             * Confluence 9.2.6 LTS

            h2. Description
            h3. Issue Summary

            Users can't authenticate if there is any deleted group with administrative rights at Global Permissions.
            h3. Steps to Reproduce
             # {color:#172b4d}Deploy a Confluence 9.2.6.{color}
             # {color:#172b4d}Configure SSO/SAML integration in Confluence (optional).{color}
             # {color:#172b4d}Configure an external directory in Confluence and synchronize groups.{color}
             # {color:#172b4d}Add such groups to Confluence's Global Permission and grant them admin permissions.{color}
             # {color:#172b4d}Remove the external directory from Confluence.{color}
             # {color:#172b4d}Reindex the instance and confirm that these groups will still be listed in the Global Permission menu with a _Not found_ message below them.{color}
             # {color:#172b4d}Try to authenticate with a user that is not a member of the _confluence-administrator_ group.{color}

            h3. Expected Results

            Users not in an administrative group should be able to authenticate.
            h3. Actual Results

            Users not in an administrative group are unable to authenticate. During user authorization, the following errors show up in the log files.
            {code:java}
            2025-07-15 14:33:56,816 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,817 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[com.atlassian.confluence.security.DefaultPermissionManager.isSystemAdministrator]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly (Session #428955982) -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,819 ERROR [http-nio-8090-exec-3] [[Standalone].[localhost].[/].[default]] log Servlet.service() for servlet [default] in context with path [] threw exception
            2025-07-15 14:33:56,844 INFO [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] writeToLog \nRequest Unique ID : f47a9370-66fc-466c-b576-174f7fd899db\n--------------------------\nJVM Stats\n--------------------------\nxmx = 1073741824\nusedNonHeap = 553765912\navailableHeap = 191931960\navailableNonHeap = -1\nallocatedHeap = 1073741824\nfreeAllocatedHeap = 191931960\nmaxNonHeap = -1\navailablePermGen = 0\nmaxPermGen = -1\nmaxHeap = 1073741824\nusedHeap = 881809864\nusedPermGen = -1\nxms = 1073741824\n--------------------------\nRequest Information\n--------------------------\nURL: https://example.org/500page.jsp\nScheme: https\nServer: example.org\nPort: 443\nURI: /500page.jsp\nContext Path: \nServlet Path: /500page.jsp\nPath Info: null\nQuery String: _=1752604434491\n--------------------------\nAttributes\n--------------------------\njavax.servlet.forward.request_uri: /synchrony/heartbeat\njavax.servlet.forward.context_path: \njavax.servlet.forward.servlet_path: /synchrony/heartbeat\njavax.servlet.forward.query_string: _=1752604434491\njavax.servlet.forward.mapping: org.apache.catalina.core.ApplicationMapping$MappingImpl@5f718c27\norg.apache.catalina.AccessLog.RemoteAddr: 10.120.10.1\n__prepare_recursion_counter: 1\njavax.servlet.error.status_code: 500\nstruts.actionMapping: noActionMapping\nbrave.SpanCustomizer: SpanCustomizer(RealSpan(b7fcde203d7c60de/b7fcde203d7c60de))\norg.apache.struts2.dispatcher.filter.StrutsPrepareFilter.REQUEST_EXCLUDED_FROM_ACTION_MAPPING: false\ncom.opensymphony.sitemesh.APPLIED_ONCE: true\n__wrap_recursion_counter: 1\ncom.atlassian.confluence.web.filter.validateparam.RequestParamValidationFilter_already_filtered: true\natlassian.core.seraph.original.url: /500page.jsp?_=1752604434491\norg.apache.catalina.AccessLog.Protocol: HTTP/1.0\ncom.atlassian.gzipfilter.GzipFilter_already_filtered: true\n3af_annotated_permitted_checker: com.atlassian.confluence.impl.security.access.NoCheckAnnotatedPermitChecker@7927cfb2\ncom.atlassian.seraph.auth.LoginReason: OK\nsitemesh.secondaryStorageLimit: -1\norg.apache.catalina.AccessLog.ServerPort: 443\njavax.servlet.error.message: \njavax.servlet.error.servlet_name: default\norg.apache.tomcat.request.forwarded: true\nbrave.propagation.TraceContext: b7fcde203d7c60de/b7fcde203d7c60de\nbrave.servlet.TracingFilter$SendHandled: true\norg.apache.tomcat.remoteAddr: 10.120.10.1\nconfluence.secure.access.original.url: /synchrony/heartbeat?_=1752604434491\norg.apache.catalina.AccessLog.ServerName: example.org\nB3-TraceId: 3be2ae44984994\nloginfilter.already.filtered: true\njavax.servlet.error.request_uri: /synchrony/heartbeat\ncom.atlassian.core.filters.HeaderSanitisingFilter_already_filtered: true\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFixupFilter: true\norg.apache.catalina.AccessLog.RemoteHost: 10.120.10.1\njavax.servlet.error.exception: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nos_securityfilter_already_filtered: true\ncom.atlassian.confluence.impl.sitemesh.DecoratorTimings: com.atlassian.confluence.impl.sitemesh.DecoratorTimings@57ad0745\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter: true\n--------------------------\nParameters\n--------------------------\n_ : 1752604434491\ncaused by: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nat org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:938)\n | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,845 ERROR [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] logException Unhandled exception, request unique ID: f47a9370-66fc-466c-b576-174f7fd899db -- traceId: b7fcde203d7c60deorg.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only...
            2025-07-15 14:33:56,856 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,878 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,880 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,883 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,900 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,903 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,907 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,913 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #436763889) -- traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.sitemesh.ConfluenceSitemeshDecorator] render TransactionException prevented transaction from committing whilst rendering the decorator, the cause is likely a previously logged exception: Transaction rolled back because it has been marked as rollback-only\nCause: -- traceId: b7fcde203d7c60de {code}
            That's associated with the following situation on Global Permissions:

            !image-2025-07-17-17-04-17-703.png|width=988,height=274!
            h3. Workaround

            *Workaround 1:* Remove all admin permissions for all 'not found' groups.

            *Workaround 2:* Use the web UI to remove the 'not found' group records from the Global Permissions menu.

            *Workaround 3:* Delete the faulty groups from the database:
             # Stop your instance.
             # Make a full database backup,
             # On the database, run the following query to get the records for the deleted group:
            {code:sql}
            SELECT * 
            FROM spacepermissions 
            WHERE permgroupname not in (Select group_name from cwd_group); {code}
             # Delete these records after verification:
            {code:sql}
            DELETE
            FROM spacepermissions
            WHERE permgroupname not in (Select group_name from cwd_group);{code}
             # Start your instance and check if the users can authenticate.
            Robert Louie made changes -
            Link New: This issue relates to CONFSERVER-81515 [ CONFSERVER-81515 ]
            Robert Louie made changes -
            Affects Version/s Original: 8.5.21 [ 112195 ]
            Affects Version/s New: 8.5.24 [ 113025 ]
            Robert Louie made changes -
            Affects Version/s New: 8.5.21 [ 112195 ]
            Marcelo da Costa made changes -
            Description Original: h2. Summary

            Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance (scenario described on [CONFSERVER-81515|https://jira.atlassian.com/browse/CONFSERVER-81515] and [Deleted Groups shown as "Group not found" in Global Permissions and Space Permissions.|https://support.atlassian.com/confluence/kb/deleted-groups-shown-as-group-not-found-in-global-permissions-and-space-permissions/]
            h2. Version info
             * Confluence 9.2.6 LTS

            h2. Description
            h3. Issue Summary

            Users can't authenticate if there is any deleted group with administrative rights at Global Permissions.
            h3. Steps to Reproduce
             # {color:#172b4d}Deploy a Confluence 9.2.6.{color}
             # {color:#172b4d}Configure SSO/SAML integration in Confluence (optional).{color}
             # {color:#172b4d}Configure an external directory in Confluence and synchronize groups.{color}
             # {color:#172b4d}Add such groups to Confluence's Global Permission and grant them admin permissions.{color}
             # {color:#172b4d}Remove the external directory from Confluence.{color}
             # {color:#172b4d}Reindex the instance and confirm that these groups will still be listed in the Global Permission menu with a _Not found_ message below them.{color}
             # {color:#172b4d}Try to authenticate with a user that is not a member of the _confluence-administrator_ group.{color}

            h3. Expected Results

            Users not in an administrative group should be able to authenticate.
            h3. Actual Results

            Users not in an administrative group are unable to authenticate. During user authorization, the following errors show up in the log files.
            {code:java}
            2025-07-15 14:33:56,816 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,817 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[com.atlassian.confluence.security.DefaultPermissionManager.isSystemAdministrator]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly (Session #428955982) -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,819 ERROR [http-nio-8090-exec-3] [[Standalone].[localhost].[/].[default]] log Servlet.service() for servlet [default] in context with path [] threw exception
            2025-07-15 14:33:56,844 INFO [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] writeToLog \nRequest Unique ID : f47a9370-66fc-466c-b576-174f7fd899db\n--------------------------\nJVM Stats\n--------------------------\nxmx = 1073741824\nusedNonHeap = 553765912\navailableHeap = 191931960\navailableNonHeap = -1\nallocatedHeap = 1073741824\nfreeAllocatedHeap = 191931960\nmaxNonHeap = -1\navailablePermGen = 0\nmaxPermGen = -1\nmaxHeap = 1073741824\nusedHeap = 881809864\nusedPermGen = -1\nxms = 1073741824\n--------------------------\nRequest Information\n--------------------------\nURL: https://example.org/500page.jsp\nScheme: https\nServer: example.org\nPort: 443\nURI: /500page.jsp\nContext Path: \nServlet Path: /500page.jsp\nPath Info: null\nQuery String: _=1752604434491\n--------------------------\nAttributes\n--------------------------\njavax.servlet.forward.request_uri: /synchrony/heartbeat\njavax.servlet.forward.context_path: \njavax.servlet.forward.servlet_path: /synchrony/heartbeat\njavax.servlet.forward.query_string: _=1752604434491\njavax.servlet.forward.mapping: org.apache.catalina.core.ApplicationMapping$MappingImpl@5f718c27\norg.apache.catalina.AccessLog.RemoteAddr: 10.120.10.1\n__prepare_recursion_counter: 1\njavax.servlet.error.status_code: 500\nstruts.actionMapping: noActionMapping\nbrave.SpanCustomizer: SpanCustomizer(RealSpan(b7fcde203d7c60de/b7fcde203d7c60de))\norg.apache.struts2.dispatcher.filter.StrutsPrepareFilter.REQUEST_EXCLUDED_FROM_ACTION_MAPPING: false\ncom.opensymphony.sitemesh.APPLIED_ONCE: true\n__wrap_recursion_counter: 1\ncom.atlassian.confluence.web.filter.validateparam.RequestParamValidationFilter_already_filtered: true\natlassian.core.seraph.original.url: /500page.jsp?_=1752604434491\norg.apache.catalina.AccessLog.Protocol: HTTP/1.0\ncom.atlassian.gzipfilter.GzipFilter_already_filtered: true\n3af_annotated_permitted_checker: com.atlassian.confluence.impl.security.access.NoCheckAnnotatedPermitChecker@7927cfb2\ncom.atlassian.seraph.auth.LoginReason: OK\nsitemesh.secondaryStorageLimit: -1\norg.apache.catalina.AccessLog.ServerPort: 443\njavax.servlet.error.message: \njavax.servlet.error.servlet_name: default\norg.apache.tomcat.request.forwarded: true\nbrave.propagation.TraceContext: b7fcde203d7c60de/b7fcde203d7c60de\nbrave.servlet.TracingFilter$SendHandled: true\norg.apache.tomcat.remoteAddr: 10.120.10.1\nconfluence.secure.access.original.url: /synchrony/heartbeat?_=1752604434491\norg.apache.catalina.AccessLog.ServerName: example.org\nB3-TraceId: 3be2ae44984994\nloginfilter.already.filtered: true\njavax.servlet.error.request_uri: /synchrony/heartbeat\ncom.atlassian.core.filters.HeaderSanitisingFilter_already_filtered: true\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFixupFilter: true\norg.apache.catalina.AccessLog.RemoteHost: 10.120.10.1\njavax.servlet.error.exception: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nos_securityfilter_already_filtered: true\ncom.atlassian.confluence.impl.sitemesh.DecoratorTimings: com.atlassian.confluence.impl.sitemesh.DecoratorTimings@57ad0745\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter: true\n--------------------------\nParameters\n--------------------------\n_ : 1752604434491\ncaused by: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nat org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:938)\n | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,845 ERROR [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] logException Unhandled exception, request unique ID: f47a9370-66fc-466c-b576-174f7fd899db -- traceId: b7fcde203d7c60deorg.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only...
            2025-07-15 14:33:56,856 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,878 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,880 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,883 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,900 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,903 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,907 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,913 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #436763889) -- traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.sitemesh.ConfluenceSitemeshDecorator] render TransactionException prevented transaction from committing whilst rendering the decorator, the cause is likely a previously logged exception: Transaction rolled back because it has been marked as rollback-only\nCause: -- traceId: b7fcde203d7c60de {code}
            That's associated with the following situation on Global Permissions:

            !image-2025-07-17-15-39-27-446.png|width=624,height=173!
            h3. Workaround

            *Workaround 1:* Remove all admin permissions for all 'not found' groups.

            *Workaround 2:* Use the web UI to remove the 'not found' group records from the Global Permissions menu.

            *Workaround 3:* Delete the faulty groups from the database:
             # Stop your instance.
             # Make a full database backup,
             # On the database, run the following query to get the records for the deleted group:
            {code:sql}
            SELECT * 
            FROM spacepermissions 
            WHERE permgroupname not in (Select group_name from cwd_group); {code}
             # Delete these records after verification:
            {code:sql}
            DELETE
            FROM spacepermissions
            WHERE permgroupname not in (Select group_name from cwd_group);{code}
             # Start your instance and check if the users can authenticate.             		New: h2. Summary

            Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance (scenario described on [CONFSERVER-81515|https://jira.atlassian.com/browse/CONFSERVER-81515] and [Deleted Groups shown as "Group not found" in Global Permissions and Space Permissions.|https://support.atlassian.com/confluence/kb/deleted-groups-shown-as-group-not-found-in-global-permissions-and-space-permissions/]
            h2. Version info
             * Confluence 9.2.6 LTS

            h2. Description
            h3. Issue Summary

            Users can't authenticate if there is any deleted group with administrative rights at Global Permissions.
            h3. Steps to Reproduce
             # {color:#172b4d}Deploy a Confluence 9.2.6.{color}
             # {color:#172b4d}Configure SSO/SAML integration in Confluence (optional).{color}
             # {color:#172b4d}Configure an external directory in Confluence and synchronize groups.{color}
             # {color:#172b4d}Add such groups to Confluence's Global Permission and grant them admin permissions.{color}
             # {color:#172b4d}Remove the external directory from Confluence.{color}
             # {color:#172b4d}Reindex the instance and confirm that these groups will still be listed in the Global Permission menu with a _Not found_ message below them.{color}
             # {color:#172b4d}Try to authenticate with a user that is not a member of the _confluence-administrator_ group.{color}

            h3. Expected Results

            Users not in an administrative group should be able to authenticate.
            h3. Actual Results

            Users not in an administrative group are unable to authenticate. During user authorization, the following errors show up in the log files.
            {code:java}
            2025-07-15 14:33:56,816 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,817 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[com.atlassian.confluence.security.DefaultPermissionManager.isSystemAdministrator]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly (Session #428955982) -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,819 ERROR [http-nio-8090-exec-3] [[Standalone].[localhost].[/].[default]] log Servlet.service() for servlet [default] in context with path [] threw exception
            2025-07-15 14:33:56,844 INFO [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] writeToLog \nRequest Unique ID : f47a9370-66fc-466c-b576-174f7fd899db\n--------------------------\nJVM Stats\n--------------------------\nxmx = 1073741824\nusedNonHeap = 553765912\navailableHeap = 191931960\navailableNonHeap = -1\nallocatedHeap = 1073741824\nfreeAllocatedHeap = 191931960\nmaxNonHeap = -1\navailablePermGen = 0\nmaxPermGen = -1\nmaxHeap = 1073741824\nusedHeap = 881809864\nusedPermGen = -1\nxms = 1073741824\n--------------------------\nRequest Information\n--------------------------\nURL: https://example.org/500page.jsp\nScheme: https\nServer: example.org\nPort: 443\nURI: /500page.jsp\nContext Path: \nServlet Path: /500page.jsp\nPath Info: null\nQuery String: _=1752604434491\n--------------------------\nAttributes\n--------------------------\njavax.servlet.forward.request_uri: /synchrony/heartbeat\njavax.servlet.forward.context_path: \njavax.servlet.forward.servlet_path: /synchrony/heartbeat\njavax.servlet.forward.query_string: _=1752604434491\njavax.servlet.forward.mapping: org.apache.catalina.core.ApplicationMapping$MappingImpl@5f718c27\norg.apache.catalina.AccessLog.RemoteAddr: 10.120.10.1\n__prepare_recursion_counter: 1\njavax.servlet.error.status_code: 500\nstruts.actionMapping: noActionMapping\nbrave.SpanCustomizer: SpanCustomizer(RealSpan(b7fcde203d7c60de/b7fcde203d7c60de))\norg.apache.struts2.dispatcher.filter.StrutsPrepareFilter.REQUEST_EXCLUDED_FROM_ACTION_MAPPING: false\ncom.opensymphony.sitemesh.APPLIED_ONCE: true\n__wrap_recursion_counter: 1\ncom.atlassian.confluence.web.filter.validateparam.RequestParamValidationFilter_already_filtered: true\natlassian.core.seraph.original.url: /500page.jsp?_=1752604434491\norg.apache.catalina.AccessLog.Protocol: HTTP/1.0\ncom.atlassian.gzipfilter.GzipFilter_already_filtered: true\n3af_annotated_permitted_checker: com.atlassian.confluence.impl.security.access.NoCheckAnnotatedPermitChecker@7927cfb2\ncom.atlassian.seraph.auth.LoginReason: OK\nsitemesh.secondaryStorageLimit: -1\norg.apache.catalina.AccessLog.ServerPort: 443\njavax.servlet.error.message: \njavax.servlet.error.servlet_name: default\norg.apache.tomcat.request.forwarded: true\nbrave.propagation.TraceContext: b7fcde203d7c60de/b7fcde203d7c60de\nbrave.servlet.TracingFilter$SendHandled: true\norg.apache.tomcat.remoteAddr: 10.120.10.1\nconfluence.secure.access.original.url: /synchrony/heartbeat?_=1752604434491\norg.apache.catalina.AccessLog.ServerName: example.org\nB3-TraceId: 3be2ae44984994\nloginfilter.already.filtered: true\njavax.servlet.error.request_uri: /synchrony/heartbeat\ncom.atlassian.core.filters.HeaderSanitisingFilter_already_filtered: true\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFixupFilter: true\norg.apache.catalina.AccessLog.RemoteHost: 10.120.10.1\njavax.servlet.error.exception: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nos_securityfilter_already_filtered: true\ncom.atlassian.confluence.impl.sitemesh.DecoratorTimings: com.atlassian.confluence.impl.sitemesh.DecoratorTimings@57ad0745\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter: true\n--------------------------\nParameters\n--------------------------\n_ : 1752604434491\ncaused by: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nat org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:938)\n | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,845 ERROR [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] logException Unhandled exception, request unique ID: f47a9370-66fc-466c-b576-174f7fd899db -- traceId: b7fcde203d7c60deorg.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only...
            2025-07-15 14:33:56,856 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,878 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,880 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,883 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,900 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,903 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,907 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,913 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #436763889) -- traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.sitemesh.ConfluenceSitemeshDecorator] render TransactionException prevented transaction from committing whilst rendering the decorator, the cause is likely a previously logged exception: Transaction rolled back because it has been marked as rollback-only\nCause: -- traceId: b7fcde203d7c60de {code}
            That's associated with the following situation on Global Permissions:

            !image-2025-07-17-17-04-17-703.png|width=988,height=274!
            h3. Workaround

            *Workaround 1:* Remove all admin permissions for all 'not found' groups.

            *Workaround 2:* Use the web UI to remove the 'not found' group records from the Global Permissions menu.

            *Workaround 3:* Delete the faulty groups from the database:
             # Stop your instance.
             # Make a full database backup,
             # On the database, run the following query to get the records for the deleted group:
            {code:sql}
            SELECT * 
            FROM spacepermissions 
            WHERE permgroupname not in (Select group_name from cwd_group); {code}

             # Delete these records after verification:
            {code:sql}
            DELETE
            FROM spacepermissions
            WHERE permgroupname not in (Select group_name from cwd_group);{code}

             # Start your instance and check if the users can authenticate.
            Marcelo da Costa made changes -
            Attachment New: image-2025-07-17-17-04-17-703.png [ 506196 ]
            Ricardo Schieber made changes -
            Description Original: h2. Summary

            Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance (scenario described on [CONFSERVER-81515|https://jira.atlassian.com/browse/CONFSERVER-81515] and [Deleted Groups shown as "Group not found" in Global Permissions and Space Permissions.|https://support.atlassian.com/confluence/kb/deleted-groups-shown-as-group-not-found-in-global-permissions-and-space-permissions/]
            h2. Version info
             * Confluence 9.2.6 LTS

            h2. Description
            h3. Issue Summary

            Users can't authenticate if there is any deleted group with administrative rights at Global Permissions.
            h3. Steps to Reproduce
             # {color:#172b4d}Deploy a Confluence 9.2.6.{color}
             # {color:#172b4d}Configure SSO/SAML integration in Confluence (optional).{color}
             # {color:#172b4d}Configure an external directory in Confluence and synchronize groups.{color}
             # {color:#172b4d}Add such groups to Confluence's Global Permission and grant them admin permissions.{color}
             # {color:#172b4d}Remove the external directory from Confluence.{color}
             # {color:#172b4d}Reindex the instance and confirm that these groups will still be listed in the Global Permission menu with a _Not found_ message below them.{color}
             # {color:#172b4d}Try to authenticate with a user that is not a member of the _confluence-administrator_ group.{color}

            h3. Expected Results

            Users not in an administrative group should be able to authenticate.
            h3. Actual Results

            Users not in an administrative group are unable to authenticate. During user authorization, the following errors show up in the log files.
            {code:java}
            2025-07-15 14:33:56,816 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,817 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[com.atlassian.confluence.security.DefaultPermissionManager.isSystemAdministrator]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly (Session #428955982) -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,819 ERROR [http-nio-8090-exec-3] [[Standalone].[localhost].[/].[default]] log Servlet.service() for servlet [default] in context with path [] threw exception
            2025-07-15 14:33:56,844 INFO [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] writeToLog \nRequest Unique ID : f47a9370-66fc-466c-b576-174f7fd899db\n--------------------------\nJVM Stats\n--------------------------\nxmx = 1073741824\nusedNonHeap = 553765912\navailableHeap = 191931960\navailableNonHeap = -1\nallocatedHeap = 1073741824\nfreeAllocatedHeap = 191931960\nmaxNonHeap = -1\navailablePermGen = 0\nmaxPermGen = -1\nmaxHeap = 1073741824\nusedHeap = 881809864\nusedPermGen = -1\nxms = 1073741824\n--------------------------\nRequest Information\n--------------------------\nURL: https://example.org/500page.jsp\nScheme: https\nServer: example.org\nPort: 443\nURI: /500page.jsp\nContext Path: \nServlet Path: /500page.jsp\nPath Info: null\nQuery String: _=1752604434491\n--------------------------\nAttributes\n--------------------------\njavax.servlet.forward.request_uri: /synchrony/heartbeat\njavax.servlet.forward.context_path: \njavax.servlet.forward.servlet_path: /synchrony/heartbeat\njavax.servlet.forward.query_string: _=1752604434491\njavax.servlet.forward.mapping: org.apache.catalina.core.ApplicationMapping$MappingImpl@5f718c27\norg.apache.catalina.AccessLog.RemoteAddr: 10.120.10.1\n__prepare_recursion_counter: 1\njavax.servlet.error.status_code: 500\nstruts.actionMapping: noActionMapping\nbrave.SpanCustomizer: SpanCustomizer(RealSpan(b7fcde203d7c60de/b7fcde203d7c60de))\norg.apache.struts2.dispatcher.filter.StrutsPrepareFilter.REQUEST_EXCLUDED_FROM_ACTION_MAPPING: false\ncom.opensymphony.sitemesh.APPLIED_ONCE: true\n__wrap_recursion_counter: 1\ncom.atlassian.confluence.web.filter.validateparam.RequestParamValidationFilter_already_filtered: true\natlassian.core.seraph.original.url: /500page.jsp?_=1752604434491\norg.apache.catalina.AccessLog.Protocol: HTTP/1.0\ncom.atlassian.gzipfilter.GzipFilter_already_filtered: true\n3af_annotated_permitted_checker: com.atlassian.confluence.impl.security.access.NoCheckAnnotatedPermitChecker@7927cfb2\ncom.atlassian.seraph.auth.LoginReason: OK\nsitemesh.secondaryStorageLimit: -1\norg.apache.catalina.AccessLog.ServerPort: 443\njavax.servlet.error.message: \njavax.servlet.error.servlet_name: default\norg.apache.tomcat.request.forwarded: true\nbrave.propagation.TraceContext: b7fcde203d7c60de/b7fcde203d7c60de\nbrave.servlet.TracingFilter$SendHandled: true\norg.apache.tomcat.remoteAddr: 10.120.10.1\nconfluence.secure.access.original.url: /synchrony/heartbeat?_=1752604434491\norg.apache.catalina.AccessLog.ServerName: example.org\nB3-TraceId: 3be2ae44984994\nloginfilter.already.filtered: true\njavax.servlet.error.request_uri: /synchrony/heartbeat\ncom.atlassian.core.filters.HeaderSanitisingFilter_already_filtered: true\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFixupFilter: true\norg.apache.catalina.AccessLog.RemoteHost: 10.120.10.1\njavax.servlet.error.exception: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nos_securityfilter_already_filtered: true\ncom.atlassian.confluence.impl.sitemesh.DecoratorTimings: com.atlassian.confluence.impl.sitemesh.DecoratorTimings@57ad0745\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter: true\n--------------------------\nParameters\n--------------------------\n_ : 1752604434491\ncaused by: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nat org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:938)\n | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,845 ERROR [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] logException Unhandled exception, request unique ID: f47a9370-66fc-466c-b576-174f7fd899db -- traceId: b7fcde203d7c60deorg.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only...
            2025-07-15 14:33:56,856 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,878 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,880 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,883 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,900 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,903 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,907 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,913 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #436763889) -- traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.sitemesh.ConfluenceSitemeshDecorator] render TransactionException prevented transaction from committing whilst rendering the decorator, the cause is likely a previously logged exception: Transaction rolled back because it has been marked as rollback-only\nCause: -- traceId: b7fcde203d7c60de {code}
            That's associated with the following situation on Global Permissions:

            !image-2025-07-17-15-39-27-446.png|width=624,height=173!
            h3. Workaround

            *Workaround 1:* Remove all admin permissions for all 'not found' groups.

            *Workaround 2:* Use the web UI to remove the 'not found' group records from the Global Permissions menu.

            *Workaround 3:* Delete the faulty groups from the database:
             # Stop your instance.
             # Make a full database backup,
             # On the database, run the following query to get the records for the deleted group:
            {code:sql}
            SELECT * 
            FROM spacepermissions 
            WHERE permgroupname not in (Select group_name from cwd_group); {code}

             # Delete these records after verification:
            {code:sql}
            DELETE
            FROM spacepermissions
            WHERE permgroupname not in (Select group_name from cwd_group);{code}

             # Start your instance and check if the users can authenticate.             		New: h2. Summary

            Authentication fails for users who are not part of an admin group if there is a group with Confluence Administrator and/or System Administrator Global Permissions that no longer exists in the instance (scenario described on [CONFSERVER-81515|https://jira.atlassian.com/browse/CONFSERVER-81515] and [Deleted Groups shown as "Group not found" in Global Permissions and Space Permissions.|https://support.atlassian.com/confluence/kb/deleted-groups-shown-as-group-not-found-in-global-permissions-and-space-permissions/]
            h2. Version info
             * Confluence 9.2.6 LTS

            h2. Description
            h3. Issue Summary

            Users can't authenticate if there is any deleted group with administrative rights at Global Permissions.
            h3. Steps to Reproduce
             # {color:#172b4d}Deploy a Confluence 9.2.6.{color}
             # {color:#172b4d}Configure SSO/SAML integration in Confluence (optional).{color}
             # {color:#172b4d}Configure an external directory in Confluence and synchronize groups.{color}
             # {color:#172b4d}Add such groups to Confluence's Global Permission and grant them admin permissions.{color}
             # {color:#172b4d}Remove the external directory from Confluence.{color}
             # {color:#172b4d}Reindex the instance and confirm that these groups will still be listed in the Global Permission menu with a _Not found_ message below them.{color}
             # {color:#172b4d}Try to authenticate with a user that is not a member of the _confluence-administrator_ group.{color}

            h3. Expected Results

            Users not in an administrative group should be able to authenticate.
            h3. Actual Results

            Users not in an administrative group are unable to authenticate. During user authorization, the following errors show up in the log files.
            {code:java}
            2025-07-15 14:33:56,816 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,817 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[com.atlassian.confluence.security.DefaultPermissionManager.isSystemAdministrator]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly (Session #428955982) -- url: /synchrony/heartbeat | referer: https://example.org/spaces/SSO/pages/162594822/Any+page | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,819 ERROR [http-nio-8090-exec-3] [[Standalone].[localhost].[/].[default]] log Servlet.service() for servlet [default] in context with path [] threw exception
            2025-07-15 14:33:56,844 INFO [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] writeToLog \nRequest Unique ID : f47a9370-66fc-466c-b576-174f7fd899db\n--------------------------\nJVM Stats\n--------------------------\nxmx = 1073741824\nusedNonHeap = 553765912\navailableHeap = 191931960\navailableNonHeap = -1\nallocatedHeap = 1073741824\nfreeAllocatedHeap = 191931960\nmaxNonHeap = -1\navailablePermGen = 0\nmaxPermGen = -1\nmaxHeap = 1073741824\nusedHeap = 881809864\nusedPermGen = -1\nxms = 1073741824\n--------------------------\nRequest Information\n--------------------------\nURL: https://example.org/500page.jsp\nScheme: https\nServer: example.org\nPort: 443\nURI: /500page.jsp\nContext Path: \nServlet Path: /500page.jsp\nPath Info: null\nQuery String: _=1752604434491\n--------------------------\nAttributes\n--------------------------\njavax.servlet.forward.request_uri: /synchrony/heartbeat\njavax.servlet.forward.context_path: \njavax.servlet.forward.servlet_path: /synchrony/heartbeat\njavax.servlet.forward.query_string: _=1752604434491\njavax.servlet.forward.mapping: org.apache.catalina.core.ApplicationMapping$MappingImpl@5f718c27\norg.apache.catalina.AccessLog.RemoteAddr: 10.120.10.1\n__prepare_recursion_counter: 1\njavax.servlet.error.status_code: 500\nstruts.actionMapping: noActionMapping\nbrave.SpanCustomizer: SpanCustomizer(RealSpan(b7fcde203d7c60de/b7fcde203d7c60de))\norg.apache.struts2.dispatcher.filter.StrutsPrepareFilter.REQUEST_EXCLUDED_FROM_ACTION_MAPPING: false\ncom.opensymphony.sitemesh.APPLIED_ONCE: true\n__wrap_recursion_counter: 1\ncom.atlassian.confluence.web.filter.validateparam.RequestParamValidationFilter_already_filtered: true\natlassian.core.seraph.original.url: /500page.jsp?_=1752604434491\norg.apache.catalina.AccessLog.Protocol: HTTP/1.0\ncom.atlassian.gzipfilter.GzipFilter_already_filtered: true\n3af_annotated_permitted_checker: com.atlassian.confluence.impl.security.access.NoCheckAnnotatedPermitChecker@7927cfb2\ncom.atlassian.seraph.auth.LoginReason: OK\nsitemesh.secondaryStorageLimit: -1\norg.apache.catalina.AccessLog.ServerPort: 443\njavax.servlet.error.message: \njavax.servlet.error.servlet_name: default\norg.apache.tomcat.request.forwarded: true\nbrave.propagation.TraceContext: b7fcde203d7c60de/b7fcde203d7c60de\nbrave.servlet.TracingFilter$SendHandled: true\norg.apache.tomcat.remoteAddr: 10.120.10.1\nconfluence.secure.access.original.url: /synchrony/heartbeat?_=1752604434491\norg.apache.catalina.AccessLog.ServerName: example.org\nB3-TraceId: 3be2ae44984994\nloginfilter.already.filtered: true\njavax.servlet.error.request_uri: /synchrony/heartbeat\ncom.atlassian.core.filters.HeaderSanitisingFilter_already_filtered: true\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFixupFilter: true\norg.apache.catalina.AccessLog.RemoteHost: 10.120.10.1\njavax.servlet.error.exception: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nos_securityfilter_already_filtered: true\ncom.atlassian.confluence.impl.sitemesh.DecoratorTimings: com.atlassian.confluence.impl.sitemesh.DecoratorTimings@57ad0745\ncom.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter: true\n--------------------------\nParameters\n--------------------------\n_ : 1752604434491\ncaused by: org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only\nat org.springframework.transaction.support.AbstractPlatformTransactionManager.processRollback(AbstractPlatformTransactionManager.java:938)\n | traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,845 ERROR [http-nio-8090-exec-3] [atlassian.confluence.status.SystemErrorInformationLogger] logException Unhandled exception, request unique ID: f47a9370-66fc-466c-b576-174f7fd899db -- traceId: b7fcde203d7c60deorg.springframework.transaction.UnexpectedRollbackException: Transaction rolled back because it has been marked as rollback-only...
            2025-07-15 14:33:56,856 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,878 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,880 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,883 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,900 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,903 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,907 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,913 ERROR [http-nio-8090-exec-3] [confluence.impl.security.AbstractSpacePermissionManager] checkPermissionNoExemptions Error checking permission (). Denying access. -- traceId: b7fcde203d7c60dejava.lang.NullPointerException: Cannot invoke "com.atlassian.crowd.embedded.api.Group.getName()" because "group" is null
            ...
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:\n ->[null]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #436763889) -- traceId: b7fcde203d7c60de
            2025-07-15 14:33:56,983 WARN [http-nio-8090-exec-3] [confluence.impl.sitemesh.ConfluenceSitemeshDecorator] render TransactionException prevented transaction from committing whilst rendering the decorator, the cause is likely a previously logged exception: Transaction rolled back because it has been marked as rollback-only\nCause: -- traceId: b7fcde203d7c60de {code}
            That's associated with the following situation on Global Permissions:

            !image-2025-07-17-15-39-27-446.png|width=624,height=173!
            h3. Workaround

            *Workaround 1:* Remove all admin permissions for all 'not found' groups.

            *Workaround 2:* Use the web UI to remove the 'not found' group records from the Global Permissions menu.

            *Workaround 3:* Delete the faulty groups from the database:
             # Stop your instance.
             # Make a full database backup,
             # On the database, run the following query to get the records for the deleted group:
            {code:sql}
            SELECT * 
            FROM spacepermissions 
            WHERE permgroupname not in (Select group_name from cwd_group); {code}
             # Delete these records after verification:
            {code:sql}
            DELETE
            FROM spacepermissions
            WHERE permgroupname not in (Select group_name from cwd_group);{code}
             # Start your instance and check if the users can authenticate.
            Marcelo da Costa created issue -

              Unassigned Unassigned
              8ccca53078e5 Marcelo da Costa
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: