Unable to remove user from group(or Confluence) with "UserNotFoundException: User <USER_NAME> does not exist" thrown in the log

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

When trying to remove a user from the group they belong to or from Confluence via the steps below:

The error message below appears:

  • Could not remove user 'USER_NAME' as a member of group 'GROUP_NAME'. Check your server logs for more information.


The following appears in the atlassian-confluence.log:

Remove from User Admin Page 
2019-04-05 12:10:11,998 ERROR [http-nio-8090-exec-3] [bucket.user.DefaultUserAccessor] removeMembership Failed to remove 'USER_NAME' as a member of 'GROUP_NAME'
 -- referer: http://<CONFLUENCE_URL>/admin/users/editusergroups.action | url: /admin/users/editusergroups.action | traceId: d885dc5cfdf3129f | userName: admin | action: editusergroups
com.atlassian.user.EntityException: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
        at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdGroupManager.removeMembership(EmbeddedCrowdGroupManager.java:223)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
Caused by: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
...

OR 

Remove from Group Admin Page 
2019-04-05 12:12:01,963 ERROR [http-nio-8090-exec-8] [bucket.user.DefaultUserAccessor] removeMembership Failed to remove 'USER_NAME' as a member of 'GROUP_NAME'
 -- referer: http://<CONFLUENCE_URL>/admin/users/removeuserfromgroup.action?atl_token=62d26c95642d4d12967dbf970f4556ddabe0794b&membersOfGroupTerm=GROUP_NAME&username=USER_NAME | url: /admin/users/removeuserfromgroup.action | traceId: 88b5543a61debd05 | userName: admin | action: removeuserfromgroup
com.atlassian.user.EntityException: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
        at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdGroupManager.removeMembership(EmbeddedCrowdGroupManager.java:223)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
Caused by: com.atlassian.crowd.exception.runtime.UserNotFoundException: User <USER_NAME> does not exist
...

(info) The USER_NAME and GROUP_NAME will be the respective user and group that you're trying to edit.

Diagnosis

Environment

  • Confluence is connected with External Directory under either condition below:

    • Delegated External Directory
    • Read Only with Local Groups
    (info) Both of the situations above allow Confluence to have Internal Group and Local Group

Diagnostic Steps

  • Run the SQL Query below to find if you have incorrect pair of User and Group in cwd_membership table:

    select cm.id, cm.parent_id, cg.group_name, cg.directory_id as group_directory_id, cm.child_user_id, cu.user_name, cu.directory_id as user_directory_id 
from cwd_membership cm
join cwd_user cu on cu.id=cm.child_user_id
join cwd_group cg on cg.id=cm.parent_id
where cg.directory_id != cu.directory_id
and cu.user_name='<USER_NAME>';

    (info) Replace <USER_NAME> with the affected user's username.

Only if the query above return with any result(s), the user is affected by this issue and should follow the Resolution steps to manually remove the group membership.

Cause

By right, the user from External Directory is located in the Internal Group that belongs to Internal Directory or vice versa. An incorrect entry will cause Confluence to still recognize the membership of the user in permission or restriction setting, but admin will not be able to remove them from the incorrect group memberships.

User from the External Directory must be in the Local Group that belongs to the External Directory, while user from Internal Directory must be in the Internal Group that belongs to the Internal Directory.

(info) Below are some definitions of the Local Group vs Internal Group:

Local GroupA group that is created to associate to an External Directory but is being managed locally in Confluence
Internal GroupA group that exists in the Confluence Internal Directory


Resolution

Manually remove the incorrect entry in the cwd_membership table using the SQL query below:

Always back up your data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

delete from cwd_membership where id=<ID_FROM_DIAGNOSTIC_STEP>;

(info) Replace the <ID_FROM_DIAGNOSTIC_STEP> using the id from Diagnostic step above


DescriptionUnable to remove user from group when Group Membership is set wrongly
ProductConfluence

Last modified on Aug 4, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.