Restore Stash's Administrator User

'How Do I...' and 'How to...' Guide to Stash



アトラシアン コミュニティをご利用ください。


For Stash versions 2.11+ see Lockout recovery process.


No administrator can log into Stash and no user exists in the Internal Directory (a.k.a. the local user directory) with administrator permissions.

If one already exists or if you are unsure if one exists, see the following KB article as an administrator's password can be reset:



The password of any of the users who have administrative rights within Stash have been forgotten or all of the connections to external user directories have failed.


The instructions here were tested on PostgreSQL 9.3. They may need slight modifications for different databases.
If you are unsure about any of the steps or hit an error, it is always advised to contact an Atlassian engineer at

  1. Stop Stash,
  2. Connect to the database used by Stash,
    1. Create a backup of the database!  (warning)
    2. Insert a temporary administrative user, with the username dbuser1 and the password admin:

      • Create the new user:

        This user must be removed using the instructions below after the resolution of the issue. Failing to do so might lead to database errors otherwise, if the number of created users reaches an extremely large number
        If you use Stash 2.6 or earlier, change the name of the is_active column to active in the first query.
        INSERT INTO cwd_user (id,user_name,lower_user_name,is_active,created_date,updated_date,last_name,lower_last_name,display_name,lower_display_name,email_address,lower_email_address,directory_id,credential) VALUES (999999999,'dbuser1','dbuser1','T','2014-01-08 12:12:12','2014-01-08 12:12:12','dbuser1','dbuser1','dbuser1','dbuser1','','',32769,'{PKCS5S2}4PCXluhV1YoY3yGgp77MfHjoFoS7GwNxif4gQLpwIfqLs9n/3seRLlECMu2CWGtm');
        INSERT INTO stash_user (id, name, slug) VALUES (999999999,'dbuser1','dbuser1');
      • Grant the account system admnistrator permissions:

        INSERT INTO sta_global_permission (id, perm_id,user_id) VALUES (999999999,7,999999999);
  3. Start Stash,

    1. Login with the username dbuser1 and password admin,

    2. Restore the password of the original administrative user in the Stash admin panel;

  4. Upon verification that the original administrative user has the correct permissions and that you can login with that user;

    1. Stop Stash,

    2. Connect to the database used by Stash to run the following queries to remove the temporary user:

      DELETE FROM sta_global_permission WHERE id = 999999999;
      DELETE FROM stash_user WHERE id = 999999999;
      DELETE FROM cwd_user_attribute where user_id = 999999999;
      DELETE FROM cwd_user WHERE id = 999999999;
Possible Problems

Login fails due to too many failed attempts and CAPTCHA is enabled, but no internet access for the Stash instance

Use the following query to reset the failed login count for the given user (dbuser1 in this example): 


UPDATE cwd_user_attribute SET attribute_value=0, attribute_lower_value=0 WHERE lower_user_name='dbuser1' AND (attribute_name="failedAuthenticationAttemptCount" OR attribute_name="invalidPasswordAttempts")

The Internal Directory is disabled or an external directory is still being used for authentication

To disable all directories but the Internal Directory and make sure it is enabled, execute the following update:

UPDATE cwd_directory SET active='T' WHERE impl_class='';
UPDATE cwd_directory SET active='F' WHERE impl_class!='';

Oracle query reports "Missing comma"

The entered query is too long and the query must be explicitly split by line.



Last modified on Mar 2, 2016


Powered by Confluence and Scroll Viewport.