Unable to login and perform any operation in Jira after cloud->DC migration
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Clients, including the administrator, were unable to access the Jira DC instance setup from the backup taken from a Jira cloud instance. They were unable to carry out any operations with any user, including recovery_admin, after changing the password from the database. recovery_admin was not working as well.
Environment
9.12.11
Diagnosis
To begin with, we instructed the user to reset password from DB and he was able to log into the system. However, he was not able to perform any action. Thereafter, we looked into the directory configuration and it indicated that no DIRECTORY had any Allowed operation permission.
directory configuration with no Allowed operation:
Current user:
Directory ID: -2
Username: xxxxxxxxxxxxxx
Display name: Recovery Admin User
Email address: @
Directory 1:
Directory ID: -2
Name: Recovery Mode Directory
Active: true
Type: INTERNAL
Created date: Tue Jul 23 14:27:43 UTC 2024
Updated date: Tue Jul 23 14:27:43 UTC 2024
Allowed operations: []
Implementation class: com.atlassian.crowd.manager.recovery.RecoveryModeDirectory
Encryption type: null
Directory 2:
Directory ID: 1
Name: Jira Internal Directory
Active: true
Type: INTERNAL
Created date: Tue Feb 06 10:12:20 UTC 2024
Updated date: Tue Jul 23 14:38:29 UTC 2024
Allowed operations: []
Implementation class: com.atlassian.crowd.directory.InternalDirectory
Encryption type: atlassian-securitySolution
Always back up your data before making any database modifications. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.
For JIRA Data Center instances, you can log in as the sysadmin using the password supplied by during the migration from cloud. During migration, this account is created automatically. In this case however it was not working. So when the sysadmin user didn’t work, we further asked the user to follow the article to set recovery_admin user and this may help you. restore-passwords-to-recover-admin-user-rights-972329273.html
As the above didn’t help in this case. We further asked user to run below query in the database and it will set password to admin for any user we want.
Query
update cwd_user set credential = '{PKCS5S2}MgzbmAG93A1LbXfX/JrtllBYTirwYeK6uJPwVIywYnj2NkGuV+arJLIgmIMxmYW9' where user_name = 'username';
After performing a password reset from DB, the user was able to login to system. However users were still unable to perform any operation, because of missing permission in directoryory configuration. in this scenario, we can use below given query to the add the permissions . This query is given to append the permissions for Directory 1.
Query
INSERT INTO `cwd_directory_operation` VALUES (1,'CREATE_GROUP'),(1,'CREATE_ROLE'),(1,'CREATE_USER'),(1,'DELETE_GROUP'),(1,'DELETE_ROLE'),(1,'DELETE_USER'),(1,'UPDATE_GROUP'),(1,'UPDATE_GROUP_ATTRIBUTE'),(1,'UPDATE_ROLE'),(1,'UPDATE_ROLE_ATTRIBUTE'),(1,'UPDATE_USER'),(1,'UPDATE_USER_ATTRIBUTE');
Was this helpful?