Unable to delete, edit, or add user into groups due to APPLICATION_PERMISSION_DENIED error
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
Confluence is connected to user directories that has Read and Write permission. However, users from that directory are unable to be deleted, edited, or added into groups.
The following messages appear in the UI
Attempting to delete user:
Attempting to edit user details:
Attempting to add user into groups:
The following appears in the atlassian-confluence
2019-06-27 12:02:31,006 ERROR [Long running task: Delete User: user1] [core.task.longrunning.AbstractLongRunningTask] runInternal Error during user deletion -- url: /admin/users/removeuser-confirm.action | referer: http://localhost:8090/admin/users/removeuser.action?username=user1 | traceId: 97102c882f315622 | userName: admin | action: removeuser-confirm com.atlassian.confluence.user.UserManagementOperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error><reason>APPLICATION_PERMISSION_DENIED</reason><message>Cannot update user 'user1' because directory 'Example Directory' does not allow updates.</message></error>
The user is pulled from an external directory, such as JIRA or Crowd, with a Read and Write connection.
- In this external directory, the user is pulled from another external directory (eg. LDAP), with a Read Only Connection
Because the directory between JIRA/Crowd and LDAP is read-only, user cannot be managed in JIRA/Crowd, nor can they be managed in Confluence side. Users can only be managed in LDAP side.
In the example error message above, "user1" failed to be deleted, as the directory "Example Directory" Connected from JIRA/Crowd side, does not allow adding of groups.
- Manage user in LDAP side
- Change JIRA/Crowd - LDAP connection to Read and Write