How to remove 'Anonymous users' and 'Logged in users' permissions from Bamboo
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Within Bamboo it is possible to assign various permissions to 'Anonymous users' who have not been authenticated and 'Logged in users' who have. A common security practice would be to assign permissions to specific users and groups and disable anonymous access. The following link provides details of how permissions are set within the Bamboo UI.
What do we do if access has already been given? How do we remove the access?
Solution
If you have a large number of deployment environments, removing permissions from all deployment projects and environments in bulk is not recommended. A known performance issue with the deployments dashboard can consume enough memory to destabilize the entire Bamboo instance:
Once on a fixed version (Bamboo 8.2) it will be safe to proceed.
Bamboo will store permissions in the database table ACL_ENTRY. Anonymous users will be recorded against the user 'ROLE_ANONYMOUS' and Logged in users will be recorded against the user 'ROLE_USER'. The following link provides details on how to list the permissions that have been assigned within Bamboo.
Each plan, deployment and project can be reviewed separately within the Bamboo UI and the unwanted permissions can be removed. Alternatively, all anonymous user and logged in user access entries can be removed from the table within the database using the following SQL.
As with all direct updates to the database, we suggest taking a snapshot or backup of the database before performing the changes. This ensures you have something to revert to in case of errors.
delete from acl_entry where sid = 'ROLE_USER' or sid = 'ROLE_ANONYMOUS';
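The same delete wrapped in a transaction, with a count of the affected entries and a row-level copy taken first, so the result can be checked before it is made permanent. This is an added example, not part of the original article. It assumes PostgreSQL syntax, and the table name acl_entry_role_backup is hypothetical.

```sql
-- Added example. PostgreSQL syntax assumed; adjust for other databases.
-- acl_entry_role_backup is a hypothetical name chosen for this example.
BEGIN;

-- 1. Count the entries held by each role before changing anything.
SELECT sid, COUNT(*) AS entries
FROM acl_entry
WHERE sid IN ('ROLE_USER', 'ROLE_ANONYMOUS')
GROUP BY sid;

-- 2. Keep a copy of exactly the rows that are about to be removed.
CREATE TABLE acl_entry_role_backup AS
SELECT *
FROM acl_entry
WHERE sid IN ('ROLE_USER', 'ROLE_ANONYMOUS');

-- 3. The delete from this article.
DELETE FROM acl_entry
WHERE sid IN ('ROLE_USER', 'ROLE_ANONYMOUS');

-- 4. Verify: 'remaining' must be 0 and 'backed_up' must equal the
--    total of the counts returned in step 1.
SELECT COUNT(*) AS remaining
FROM acl_entry
WHERE sid IN ('ROLE_USER', 'ROLE_ANONYMOUS');

SELECT COUNT(*) AS backed_up
FROM acl_entry_role_backup;

-- 5. Make the change permanent only if the numbers in step 4 are as
--    expected. Replace COMMIT with ROLLBACK to undo steps 2 and 3.
COMMIT;

-- To restore the removed entries later:
--   INSERT INTO acl_entry SELECT * FROM acl_entry_role_backup;
```

The copy in acl_entry_role_backup complements the full database backup and does not replace it.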