User cannot be deleted with error they belong to a read-only directory.
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
When trying to delete a particular user from Bitbucket Server's Administration section, the following error is reported on screen:
1
User <Username> cannot be deleted; they belong to a read-only directory. Consult the logs for more details.
And following warning is reported in <BITBUCKET_HOME>/log/atlassian-bitbucket.log file:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
2015-05-08 09:26:08,804 WARN [http-nio-7990-exec-3] bitbucketadmin @6TROM6x566x112x0 1toy15b 0:0:0:0:0:0:0:1 "DELETE /admin/users HTTP/1.1" c.a.bitbucket.internal.crowd.RiotPolice User jiraadmin could not be deleted
com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Not allowed to delete user 'Username' from directory 'Directory'.
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.removeUser(CrowdServiceImpl.java:505) ~[embedded-crowd-core-2.8.1-m3.jar:na]
at com.atlassian.bitbucket.internal.crowd.RiotPolice$5.execute(RiotPolice.java:196) [bitbucket-service-impl-3.6.1.jar:na]
at com.atlassian.bitbucket.internal.crowd.RiotPolice$5.execute(RiotPolice.java:191) [bitbucket-service-impl-3.6.1.jar:na]
at com.atlassian.bitbucket.internal.crowd.RiotPolice.execute(RiotPolice.java:680) [bitbucket-service-impl-3.6.1.jar:na]
at com.atlassian.bitbucket.internal.crowd.RiotPolice.deleteUser(RiotPolice.java:191) [bitbucket-service-impl-3.6.1.jar:na]
at com.atlassian.bitbucket.internal.user.DefaultUserAdminService.deleteUser(DefaultUserAdminService.java:288) [bitbucket-service-impl-3.6.1.jar:na]
at com.atlassian.bitbucket.internal.user.DefaultUserAdminService.deleteUser(DefaultUserAdminService.java:56) [bitbucket-service-impl-3.6.1.jar:na]
at com.atlassian.bitbucket.internal.rest.user.UserAdminResource.deleteUser(UserAdminResource.java:214) [bitbucket-rest-3.6.1.jar:na]
at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:25) [applinks-plugin-4.3.5_1418154064000.jar:na]
at com.atlassian.bitbucket.internal.spring.security.Bitbucket ServerAuthenticationFilter.doFilter(Bitbucket ServerAuthenticationFilter.java:86) [Bitbucket ServerAuthenticationFilter.class:na]
at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:111) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:77) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:100) [atlassian-trusted-apps-core-3.0.8.jar:na]
at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:79) [atlassian-oauth-service-provider-plugin-1.9.9_1418154064000.jar:na]
at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:100) [atlassian-trusted-apps-core-3.0.8.jar:na]
at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:79) [atlassian-oauth-service-provider-plugin-1.9.9_1418154064000.jar:na]
at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:32) [analytics-client-3.53_1418154066000.jar:na]
at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32) [analytics-client-3.53_1418154066000.jar:na]
at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:89) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.bitbucket.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:85) [bitbucket-service-impl-3.6.1.jar:na]
at com.atlassian.bitbucket.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) [ConfigurableWebFilter.class:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_31]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_31]
... 290 frames trimmed
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: Not allowed to delete user 'Username' from directory 'Directory'.
at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.removeUser(ApplicationServiceGeneric.java:825) ~[crowd-core-2.8.1-m3.jar:na]
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.removeUser(CrowdServiceImpl.java:496) ~[embedded-crowd-core-2.8.1-m3.jar:na]
... 24 common frames omittedCause
JIRA user management in Bitbucket Server is "read-only". All user management related tasks can only be done in JIRA not Bitbucket Server as documented here.
Resolution
Log into your JIRA server as an administrator and delete the user from there.
Updated on April 24, 2025
Was this helpful?
Still need help?
The Atlassian Community is here for you.