Automating Account Disabling in JIRA - jira

I've been reading some feature request-style threads in Atlassian's own JIRA install on how to disable (not remove) users in JIRA, and their suggested solution involves a series of UI actions. For the number of users that our organization supports, this needs to be automated with the rest of our employee account provisioning logic.
I've been looking in the JIRA database and found the membershipbase table, but simply removing records from here WHERE USER_NAME="$username" doesn't seem to have a completely successful outcome. When I go to the User Browser in the Administration section and look up that user, groups still appear for the user.
Does anyone have any experience with this that could point me in the right direction on any other tables I need to modify?
Thanks in advance,
-aj

Maybe you should take a look at Atlassian's Crowd. Even if you don't use SSO, it may help you to integrate with your existing infrastructure for handling authentication and authorization (i.e. groups) centrally. It also provides an administrative frontend that is designed for the corresponding tasks.

You could have a look at the EditUserGroups.setGroupsToLeave() method. As far as I remember, users need to be in the jira-users group to log in. So, if you remove this group from the user, it may be effectively what you need (not delete but deactive user acount).
If this does not help, I'd look into the source code of JIRA (which is available for all types of licenses afaik) to see which tables are modified by the above method.

Related

is it possible to create an OBIEE Analytics on user activity report?

I am a BI administrator and author on my OBIEE (12.2.1.3.0). I need to create an analytics on users' browsing history. And then share it to their manager who is just another normal user himself (not an administrator). So I searched on Google for a solution. but, I didn't find anything other than "Manage Sessions" section in administration. However, that just shows online sessions, but I need the report per user and their last login time and browsing information. Besides, I don't want to give the manager administration privilege to access this section. instead, I want to create an analytics for him. but for analytics I need a relevant "Subject Area". I don't know if there is a table in OBIEE repository where I can query from. or generally, I might be thinking incorrectly and there are other ways to handle this kind of requirement. Any idea?
Actually yes, it is possible. As you may know, OBIEE repository tables, which can be used to show to end users as subject area that this is usgae tracking utility, just track information around sent queries to BI server and not more about users specifically.
In this occasion, you can use a method which called enhanced usage tracking for OBIEE that is presented completely here:
https://www.rittmanmead.com/blog/2016/12/enhanced-usage-tracking-for-obiee-now-available-as-open-source/
This is exactly what you want. All detail information about users activities in OBIEE and enve some redundant ones. You can create a physical table, then add it to repository file and display as subject area to end user with any permission.
Of course, according to your software environment or implementation structure, you are supposed to make some changes in this manner.
I hope this goes well.

Cannot manage security in TFS 2018 on a Team Project with Project Collection Adminstrator Role

I have been converting access to Team projects using Active Directory groups.
I am a project collection admin and we host around 40 odd team projects.
On all the other proects everything is fine, I have been able to add all the AD groups I needed to the Various TFS groups that exist in a Team Project (Contributors, Readers etc).
When I come to the problem project I can see the add button, and I am able to search for and select the AD group I want, but when I click save, I see a red banner message with the text:
Unable to add members to this group.
Failed to resolve the specified groups to join.
You do not have sufficient permissions to add members to the following groups:
[Team Project]\Build Administrators
I have looked at the oi and all I can see around the time of the issue are activities reporting a 200 response.
I am looking at the api and the database to see what I can do but not sure where to start. I thought I might be able to see something about security but it is asking for a guid that I am not sure how to get hold of.
Looking at the database I thought there might be a security table, but not sure where to start.
I'm going to keep looking at what to do, so I am going to keep this updated
update 2019-03-27
We have a support call open with Microsoft, I still have issues managing the teams, but I have been able to update the team via the Apis, I even found a useful little CLI tool to help with the tasks I needed to do.
In my case, I was trying to add someone to a group that I was in - which I don't need since I'm a Project Administrator. Once I took myself out of the group, I was able to add others again.
Got the answer and the fix worked.
After a lot of back and forth, sending files and running some tfssecurity queries, they were able to determine the problem.
What I had done was add the domain User AD containing our project collection admin account in as a project reader, as the security on tfs works on a least level principle it was then applying a deny permision on my Project collection admin account, by simply removing the AD group from the reader level, which I was able to do, the ablity to manage the securities came back.
I havent been able to find the specific group that I belonged to that then set the deny, but there is no denying that removing the AD group from the reader level fixed the issue.

In Atlassian Jira 4.1.2 how can I make a profile that may only view users of the system?

Experience with Jira is based on what I have seen from clicking through the project. There is no knowledge transfer as all people who knew this customized system left over a year ago.
As for the Atlassian PDF guide, it is not able to assist because the feature to add users and manage the users in Jira have been removed. An external LDAP system is where the users are managed.
I can view the User Browser and see users and do some editing of a profile and even delete the user from a navigation link in the footer.
But the real question at hand is, what do I need to do in order to
A. Assign users to an Organization Role that only allows them
1: A view only mode of the users in that Organization
2: View the details of the user and that users permissions/roles given
I've been looking for a few days now and just keep running into brick walls.
Thank you.
The upgrading of the system to the new version is not an option due to the extensive undocumented modifications made to Jira. It has been tried 3 times in the past 2 years without success.
I am answering based on JIRA 5.2 and higher experience.
Only place to see list of users is User Manager and you need to be JIRA admin to access it. So it's not a solution for you.
I searched for addon doing this but no luck. Moreover your JIRA is too old to be supported by addon providers.
The same story with JIRA REST API. Looks like for JIRA 4.1 you need to use JIRA REST 1.0 (current is 2.0) and I can not find docs for it.
I believe it's possible to write the addon to accomplish what you need but again it's not smart to invest in obsolete JIRA.
The most right solution is still migrate to the newest version of JIRA. Maybe you need abandon the undocumented changes or rewrite them into JIRA addons. It will not be easy and it can be costly but looks like you do not have too many options.
Task has been abandoned.
No answer to bad implementation and poor engineering practices when one is to continue to follow them.
I'd delete the post entirely but I'd rather give credit to the few that tried to provide some insight. Thanks again.

Discussions and email notifications on TFS tasks

We're new to TFS and have some tasks set up in Team Explorer. It seems the History pane is the right/best place to add notes/discussions (although it's very different from other tools I'm used to like bugzilla, jira, redmine)?
But how can we set it up so interested parties get notified of new comments on a task, preferably by email? We're all making it up as we go along with no prior TFS experience but I'd hope my experience with other tools (the project hasn't used a proper issue tracker before) would help me figure things out but it all seems rather confusing.
If you install the TFS 2010 Power Tools (this is removed for 2012 as it's setup in the web interface according to this link although I've not played with this in 2012), under Team > Alerts Explorer you can add alerts for email notifications.
It's pretty simple, you can get alerts for when work items are modified, created under a certain path, assigned to you etc, they are basically configured in a similar way to the work item queries so it's quite easy to setup what you want.
They can be setup by any users, so you might want to let your users setup their own custom rules as they like, then you logon as a generic user (such as your admin user) to setup team specific queries, or else you might end up with users complaining about getting emails no longer relevent to them or need changing, when the user that set them up leaves/moves etc... Else you'll be hunting round to find who setup the original rules.

Securing web application on the data access level

Please consider the following setup:
Multi-tenant webapp.
Tenants create company accounts and company accounts have user accounts under them.
Users have roles, there's a special role "Owner" (the user who created the company account).
I'd like to have users to edit other user accounts (some admin tasks), but two conditions must be met:
Noone may edit owner's data (except for owner, when he's editing his own profile, and own profile editing is the same user editing).
Users may access user data and edit users only within their company account.
The app uses MVC architecture. Currently I check for those two conditions in the web layer and it works for me, but I have some concerns. If I go with some sort of API or some other type of data consumer, I may "forget" to re-inforce these conditions. Also, there will be other objects in the app with similar functionality requirements and which will have similar restrictions on them, so it's better for me to come up with some sort of pattern which will enforce my restrictions on data access level.
Could anyone recommend some approach worth looking into?
Thanks!
I beleive aspects or interceptors should be able to help you. If you work with objects you should be able to intercept requests containing your business data and check wether your user is allowed to work on it. The interceptor could then stop or proceed the execution.

Resources