Unable to add user to group error while creating a new Service Management
プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。
The error below is displayed when trying to create a new Service Management Agent on Jira Service Management 2.0.2+:
The following error appears in the
2014-09-15 16:19:02,151 http-bio-8080-exec-21 ERROR johnsmith 978x1726x2 myhd5s 192.168.10.121 /rest/servicedesk/1/servicedesk/create-welcome-project [internal.user.group.ServiceDeskUserGroupManager] Could not add user: johnsmith to group: service-desk-agents com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Group 'service-desk-agents' does not exist in the directory of the user and cannot be added.
- Jira Service Management is connected to an LDAP Directory with Read Only permissions as per the Connecting to an LDAP directory.
- Jira Service Management is connected to Crowd for user management.
When a user creates a Service Management they are automatically added as an agent. This involves adding that user to the group service-desk-agents.
The error is happening because the group service-desk-agents does not exist in the directory in which the user creating the Service Management is authenticated (e.g. in the error above the error happened for the username johnsmith). Jira also does not have permission to add the user creating the Service Management to the service-desk-agents group because of the Read Only setting configured on the User Directory.
There are two possible workarounds for this error:
Change the User Directory LDAP Permissions for the user facing the error to Read Only, with Local Groups.
Add the group service-desk-agents in the Crowd or LDAP server.
In Jira Service Management, the attribute below must be added to the the service-desk-agents group:
You can run this query in the Jira Database to identify the group id and directory id of the service-desk-agents group:
SELECT * FROM cwd_group WHERE group_name = 'service-desk-agents';
Use the id as <groupid>, and directory_id as <directoryID> in the following query:
INSERT INTO cwd_group_attributes(ID, group_id, directory_id, attribute_name, attribute_value, lower_attribute_value) VALUES (9999, <groupid>, <directoryID>, 'synch.created.by.jira.service.desk', 'synch.created.by.jira.service.desk', 'synch.created.by.jira.service.desk');
- Add the user creating the Service Management and all the agent users to that group in the Crowd or LDAP server directly.
- Then navigate to
Jira Administration > Global Permissions, and add the service-desk-agents group, and give it the Jira Service Management agent access permission.