Unable to add user to group error while creating a new Service Management

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

問題

The error below is displayed when trying to create a new Service Management Agent on Jira Service Management 2.0.2+:


The following error appears in the atlassian-jira.log:

2014-09-15 16:19:02,151 http-bio-8080-exec-21 ERROR johnsmith 978x1726x2 myhd5s 192.168.10.121 /rest/servicedesk/1/servicedesk/create-welcome-project [internal.user.group.ServiceDeskUserGroupManager] Could not add user: johnsmith to group: service-desk-agents
com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Group 'service-desk-agents' does not exist in the directory of the user and cannot be added.

診断

  • Jira Service Management is connected to an LDAP Directory with Read Only permissions as per the Connecting to an LDAP directory.
  • Jira Service Management is connected to Crowd for user management.

 

原因

When a user creates a Service Management they are automatically added as an agent. This involves adding that user to the group service-desk-agents.

The error is happening because the group service-desk-agents does not exist in the directory in which the user creating the Service Management is authenticated (e.g. in the error above the error happened for the username johnsmith). Jira also does not have permission to add the user creating the Service Management to the service-desk-agents group because of the Read Only setting configured on the User Directory.

回避策

There are two possible workarounds for this error:

回避策 1

Change the User Directory LDAP Permissions for the user facing the error to Read Only, with Local Groups. 

回避策 2

  1. Add the group service-desk-agents in the Crowd or LDAP server.

    (warning) In Jira Service Management, the attribute below must be added to the the service-desk-agents group:

    synch.created.by.jira.service.desksynch.created.by.jira.service.desk

    You can run this query in the Jira Database to identify the group id and directory id of the service-desk-agents group:

     SELECT * FROM cwd_group WHERE group_name = 'service-desk-agents';

    Use the id as <groupid>, and directory_id as <directoryID> in the following query:

    INSERT INTO cwd_group_attributes(ID, group_id, directory_id, attribute_name, attribute_value, lower_attribute_value) VALUES (9999, <groupid>, <directoryID>, 'synch.created.by.jira.service.desk', 'synch.created.by.jira.service.desk', 'synch.created.by.jira.service.desk');
  2. Add the user creating the Service Management and all the agent users to that group in the Crowd or LDAP server directly.
  3. Then navigate to Jira Administration > Global Permissions, and add the service-desk-agents group, and give it the Jira Service Management agent access permission.

最終更新日 2020 年 11 月 23 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.