Unable to delete, edit, or add user into groups due to APPLICATION_PERMISSION_DENIED error

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Confluence is connected to user directories that has Read and Write permission. However, users from that directory are unable to be deleted, edited, or added into groups.

The following messages appear in the UI

Attempting to delete user:

Attempting to edit user details:

Attempting to add user into groups:

The following appears in the atlassian-confluence.log

2019-06-27 12:02:31,006 ERROR [Long running task: Delete User: user1] [core.task.longrunning.AbstractLongRunningTask] runInternal Error during user deletion
 -- url: /admin/users/removeuser-confirm.action | referer: http://localhost:8090/admin/users/removeuser.action?username=user1 | traceId: 97102c882f315622 | userName: admin | action: removeuser-confirm
com.atlassian.confluence.user.UserManagementOperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error><reason>APPLICATION_PERMISSION_DENIED</reason><message>Cannot update user 'user1' because directory 'Example Directory' does not allow updates.</message></error>

Diagnosis

  • The user is pulled from an external directory, such as JIRA or Crowd, with a Read and Write connection.

  • In this external directory, the user is pulled from another external directory (eg. LDAP), with a Read Only Connection

Cause

Because the directory between JIRA/Crowd and LDAP is read-only, user cannot be managed in JIRA/Crowd, nor can they be managed in Confluence side. Users can only be managed in LDAP side. 

In the example error message above, "user1" failed to be deleted, as the directory "Example Directory" Connected from JIRA/Crowd side, does not allow adding of groups.

Resolution

  • Manage user in LDAP side
  • Change JIRA/Crowd - LDAP connection to Read and Write


DescriptionUnable to edit user in Confluence due to user belong to a nested user directory that has Read and Write permission
ProductConfluence
Last modified on Jun 27, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.