Unable to remove group from Jira's Project Roles
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Summary
Clicking the Remove button to delete a group from a Project Role in Jira does not actually remove the group.
No errors are shown.
Environment
Jira connected to Crowd or LDAP.
Diagnosis
The group is associated with multiple User Directories, with different casing in each.
This can be confirmed by running the SQL query below against Jira's database.
select G.group_name, D.directory_name, D.directory_position
from cwd_group G
join cwd_directory D on G.directory_id = D.id
where G.lower_group_name = '<group name in lowercase>'
order by D.directory_position;
Cause
Cause 1:
The group's casing differs from the casing of the group in the top User Directory, as in the example below.
jira-software-users | Jira Internal Directory | 0 |
Jira-Software-Users | Active Directory server | 1 |
Cause 2:
No groups are returned by the query above, meaning the group has been removed from the cwd_group table but the project role reference was kept. This can happen when the database uses an incorrect collation.
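To check every project role for both causes in one pass, rather than one group name at a time, the query below can be run as a read-only audit. It is an added example, not part of the original article; the projectroleactor, projectrole and project tables, their columns and the roletype value are assumed from the standard Jira schema.

```sql
-- Added audit example (not from the original article).
-- Assumed from the standard Jira schema: projectroleactor, projectrole, project,
-- and the roletype value 'atlassian-group-role-actor'.
select P.pkey              as project_key,   -- NULL means a default role member
       R.name              as role_name,
       A.roletypeparameter as group_in_role,
       case
         when S.directories is null
           then 'Cause 2: no matching row in cwd_group'
         else 'Cause 1: casing differs across directories'
       end                 as finding
from projectroleactor A
join projectrole R on R.id = A.projectroleid
left join project P on P.id = A.pid
left join (
    -- One row per group name, ignoring case.
    -- count(distinct group_name) only separates casing variants when the
    -- column uses a case-sensitive collation.
    select lower_group_name,
           count(*)                   as directories,
           count(distinct group_name) as casings
    from cwd_group
    group by lower_group_name
) S on S.lower_group_name = lower(A.roletypeparameter)
where A.roletype = 'atlassian-group-role-actor'
  and (S.directories is null or S.casings > 1)
order by finding, project_key, role_name;
```

Each returned row is a group reference in a project role that matches one of the two causes described above.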
Solution
Cause 1:
- Move the directory with the same casing above the other directories
- Remove the group from the Project Role
- Move the directory back to its original position
Please note that moving a directory's position may change users' group memberships and cause permission problems while the change is being made, so it may be safer to schedule the fix outside business hours.
Cause 2:
- Create a new group with the same name in Jira's internal directory
- Remove the group from the project role
- Remove the group from Jira
The current behaviour for Crowd/LDAP groups is that when a group is deleted on the Crowd/LDAP side and the deletion is synced to Jira, the deletion is not cascaded to the project roles that reference the group. This is documented in the bug tickets below:
JRASERVER-70842
JRASERVER-73108