プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Fisheye および Crucible は除く

目的

The Crowd UI does not currently provide a way to bulk delete groups.  If a customer has mistakenly created 100s of groups due to a mistake in configuring their LDAP filter, there is no easy way to remove the extraneous groups. SQL commands can be used to remove the unwanted groups, provided you take proper care.

次のようにします。

• It's important to shut down Crowd while deleting the groups to prevent your users from encountering errors.
• ユーザーとグループに関連するメモリ内のキャッシュをリセットするために再起動が必要です。

• If you use LDAP for user management, groups will be re-created on the next sync unless you modify your LDAP filter to exclude the groups in question, or you remove those unwanted groups from your LDAP directory.

• SQL クエリはテスト環境でテストするようにしてください。グループやグループ メンバーシップを削除した場合にそれらを戻すことはできません。

診断

• You have 50+ groups in Crowd that interfere with your ability to manage group membership. You are unable to remove the groups via the UI or by modifying the LDAP filter. 

回避策

Before proceeding with the instructions below, check for usage of these groups in the Crowd UI (http://<baseurl>/crowd/console/secure/group/browse.action) to be sure that removing these groups will not break your instance, and then use the queries provided below to make additional checks. 

IMPORTANT:  The user and group names in the queries are case sensitive.  These queries have been tested in Postgres and MySQL and were tested in Crowd 2.8. You may need to modify the syntax to work for other supported databases. 

セクション 1: グループを安全に削除できるかどうかを確認 

NOTE: A group that is safe to delete has no members and is not referenced in any permissions.

1. 次の SQL スクリプトを実行して空のグループを見つけます。 

   SELECT id, lower_group_name FROM cwd_group
   WHERE cwd_group.id NOT IN
   (SELECT cwd_membership.parent_id FROM cwd_membership);

   注: id とグループ名は以降のスクリプトで使用します。
   
   

2. 次の SQL スクリプトを実行し、削除対象のグループにメンバーが含まれないことを確認します。
   

   SELECT * FROM cwd_membership
   WHERE parent_id IN (id1, id2);

   
   

3. Run the SQL script below to check if groups are used in permission mapping:
   Note: Permission mapping is only used when "Allow all to authenticate" is set to "FALSE", in which case specific groups needs to be defined so that only those groups' members can authenticate.

   SELECT * FROM cwd_app_dir_group_mapping 
   WHERE group_name IN ('group-to-delete', 'another-group-to-delete');

   Note: Note the id to be used in the next script.
    

4. Run the SQL script below to check if groups are used to grant permissions. Use the id from the script above:
   

   SELECT * FROM cwd_granted_perm
   WHERE group_mapping IN (id1, id2);

セクション 2: グループを削除するための SQL スクリプト

グループを削除しても絶対に安全だと判断できた場合、以降のスクリプトを記載されている順序で実行します。 

1.  上述のステップ 2 でユーザーが返されていた場合はグループ メンバーを削除します。 

   DELETE FROM cwd_membership 
   WHERE parent_id IN (id1, id2)
   

2. Remove any permission mapping associated with the groups, if any results were returned in Step 3 above: 

   DELETE FROM cwd_app_dir_group_mapping 
   WHERE group_name IN ('group-to-delete', 'another-group-to-delete');

3. Remove any granted permissions associated with the groups. 

   DELETE FROM cwd_granted_perm
   WHERE group_mapping IN (id1, id2);

   Note: Use the id obtained in Section 1, Step 3. 
    

4. グループを削除します。 

   DELETE FROM cwd_group 
   WHERE group_name IN ('group-to-delete', 'another-group-to-delete');