Retrieving the JIRA Administrator

Usage FAQ

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

This page describes how to retrieve the JIRA administrator. It is broken down by JIRA version, as the process is different depending on what version of JIRA you are on. Please ensure you're referring to the correct process for your version of JIRA. If you are running versions 5.2 and below, please refer to our previous documentation. If you are evaluating JIRA applications, or running an evaluation instance for testing purposes, you can also run SQL commands in a HSQL database to help retrieve the JIRA administrator. 

For JIRA versions above 7.0:

tip/resting Created with Sketch.

Using JIRA Recovery Mode to retrieve the administrator:

Recovery mode works by creating a virtual user directory with a temporary admin account. You set the password for this admin account when applying system property.  Users can continue to log in and access Jira while it is in recovery mode. You can use the following system property to enable recovery mode, as in Configuring System Properties:

-Datlassian.recovery.password=<your-password>

(info) Log in to Jira with the username recovery_admin and the temporary password you specified in the system property.

For more information regarding this procedure, please see the article from our knowledge base:


For JIRA versions above 6.2.1:

Using Single Sign-On (SSO):

  • If JIRA is configured for SSO through Crowd or another third-party service, only users from Crowd or the other service will be able to log in to JIRA.
  • In order to log in as a user from the JIRA Internal Directory, roll back the changes made within Integrating Crowd with Atlassian JIRA or as made by the third-party authenticator.

Scenario A: I don't know which user has the JIRA Administrators or JIRA System Administrators global permission

You first need to find out which group(s) have been granted the global permission.

The JIRA System Administrators global permission was added to JIRA in version 3.12. Anyone granted the JIRA System Administrators global permission can perform all administration tasks in JIRA, whereas anyone granted the JIRA Administrators global permission can perform most but not all administration tasks. Prior to version 3.12, anyone granted the JIRA Administrators global permission can perform all administration tasks.

  1. To find out which group(s) have been granted the JIRA Administrators global permission, run the following database query:

    select group_id from globalpermissionentry where PERMISSION='ADMINISTER';
  2. To find out which group(s) have been granted the JIRA System Administrators global permission, run the following database query:

    select group_id from globalpermissionentry where PERMISSION='SYSTEM_ADMIN';
  3. Now that you know which group(s) have the global permission, run the following database query to find out which users are in that group (replace "jira-administrators" with the group returned by the above query):

    select child_name, directory_id from cwd_membership where parent_name='jira-administrators';

    (info) If you are having issues with remote directory connectivity, you will need to use an account with a directory_id of 1.


    If you don't know the password for the user(s) returned by this query, move on to Scenario B.

If there are no Internal JIRA Administrators

If you're using Crowd or an external user management system, there may be no users with administrator permissions. 
Find the groups in the external management system that you want to grant the administrator permissions and do the following:

  1. Shutdown JIRA.
  2. Use SQL to assign the appropriate group to the administrator permissions similar to this:

    update globalpermissionentry set group_id='jira-system-administrators' where permission='SYSTEM_ADMIN';
    update globalpermissionentry set group_id='jira-administrators' where permission='ADMINISTER';
    update globalpermissionentry set group_id='jira-users' where permission='USE';
  3. (Oracle only): Execute a COMMIT so that the transactions are completed.
  4. Restart JIRA.

If no users or groups exist in JIRA

There may be no users or groups in your Internal Directory. If this is the case, you need to add one:

  1. Add a new 'localadmin' user with the password sphere:

    insert for cwd_user

    insert into cwd_user values (999999,1,'localadmin','localadmin',1,'2012-01-04 19:49:05-08','2012-01-04 19:49:05-08','local','local','admin','admin','local admin','local admin','localadmin@localadmin.com','localadmin@localadmin.com','uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==',NULL,NULL);
    insert into app_user values(999999,'localadmin','localadmin');

    (warning) If you are using Oracle database use the following:

    insert into cwd_user values (999999,1,'localadmin','localadmin',1,TO_DATE('2012-01-04 19:49:05','yyyy-mm-dd hh24:mi:ss'),TO_DATE('2012-01-04 19:49:05','yyyy-mm-dd hh24:mi:ss'),'local','local','admin','admin','local admin','local admin','localadmin@localadmin.com','localadmin@localadmin.com','uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==', NULL, NULL);
    insert into app_user values(999999,'localadmin','localadmin');
  2. Add new groups:

    insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
    values ( '888888','jira-administrators','jira-administrators',1,0,'2011-03-21 12:20:29','2011-03-21 12:20:29',NULL,NULL,'GROUP',1);
    insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
    values ( '777777','jira-users','jira-users',1,0,'2011-03-21 12:20:29','2011-03-21 12:20:29',NULL,NULL,'GROUP',1);

    (warning) If you are using Oracle database use the following:

    insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
    values ( '888888','jira-administrators','jira-administrators',1,0,TO_DATE('2011-03-21 12:20:29','yyyy-mm-dd hh24:mi:ss'),TO_DATE('2011-03-21 12:20:29',
    'yyyy-mm-dd hh24:mi:ss'),NULL,NULL,'GROUP',1);
    insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
    values ( '777777','jira-users','jira-users',1,0,TO_DATE('2011-03-21 12:20:29','yyyy-mm-dd hh24:mi:ss'),TO_DATE('2011-03-21 12:20:29',
    'yyyy-mm-dd hh24:mi:ss'),NULL,NULL,'GROUP',1);
  3. Add groups to the appropriate Global Permissions:

    insert into globalpermissionentry (id, permission, group_id) values (555555,'SYSTEM_ADMIN','jira-administrators');
    insert into globalpermissionentry (id, permission, group_id) values (444444,'ADMINISTER','jira-administrators');
    insert into globalpermissionentry (id, permission, group_id) values (333333,'USE','jira-users');
  4. Add the group memberships for the 'localadmin' user:

    insert into cwd_membership values (666666,888888,999999,'GROUP_USER','','jira-administrators','jira-administrators','localadmin','localadmin',1);
    insert into cwd_membership values (555555,777777,999999,'GROUP_USER','','jira-users','jira-users','localadmin','localadmin',1);
  5. Enable the JIRA Internal Directory:

    update cwd_directory set active = 1 where id = 1;
  6. (Oracle only): Execute a COMMIT so that the transactions are completed.
  7. Restart JIRA.

Scenario B: I know which user has the JIRA Administrators or JIRA System Administrators global permission, but I have forgotten the password

(warning) Note that this will only work for users in the Internal directory. The following methods will not work with external user directories (eg in an LDAP server), since authentication is performed externally. You can find which directory a user belongs to with the following SQL:

select u.user_name, d.directory_name from cwd_user u inner join cwd_directory d on u.directory_id = d.id order by directory_name, user_name

The password can be reset with either of the following:

1. Send it via email

This is the recommended approach.

If you have configured JIRA to send email, just click on the Forgot Password link on the login page, enter your username and click the Send it to me button. You will receive an email which will help you reset your password.

2. Set the password directly in the database

This is a last resort only - try the above recommended approach first.

  1. You can also update the password hash stored for a user in your database. Run the following command to set the user called XXXX's password to the word sphere.

    update cwd_user set credential='uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==' where user_name='XXXX';
  2. (Oracle only): Execute a COMMIT so that the transactions are completed.
  3. Restart JIRA.

For JIRA versions 6.0 to 6.2.1:

Using Single Sign-On (SSO):

  • If JIRA is configured for SSO through Crowd or another third-party service, only users from Crowd or the other service will be able to log in to JIRA.
  • In order to log in as a user from the JIRA Internal Directory, roll back the changes made within Integrating Crowd with Atlassian JIRA or as made by the third-party authenticator.

Scenario A: I don't know which user has the JIRA Administrators or JIRA System Administrators global permission

You first need to find out which group(s) have been granted the global permission.

The JIRA System Administrators global permission was added to JIRA in version 3.12. Anyone granted the JIRA System Administrators global permission can perform all administration tasks in JIRA, whereas anyone granted the JIRA Administrators global permission can perform most but not all administration tasks. Prior to version 3.12, anyone granted the JIRA Administrators global permission can perform all administration tasks.

  1. To find out which group(s) have been granted the JIRA Administrators global permission, run the following database query:

    select perm_parameter from schemepermissions where PERMISSION=0;
  2. To find out which group(s) have been granted the JIRA System Administrators global permission, run the following database query:

    select perm_parameter from schemepermissions where PERMISSION=44;
  3. Now that you know which group(s) have the global permission, run the following database query to find out which users are in that group (replace "jira-administrators" with the group returned by the above query):

    select child_name, directory_id from cwd_membership where parent_name='jira-administrators';

    (info) If you are having issues with remote directory connectivity, you will need to use an account with a directory_id of 1.


    If you don't know the password for the user(s) returned by this query, move on to Scenario B.

If there are no Internal JIRA Administrators

If you're using Crowd or an external user management system, there may be no users with administrator permissions.
Find the groups in the external management system that you want to grant the administrator permissions and do the following:

  1. Shutdown JIRA.
  2. Use SQL to assign the appropriate group to the administrator permissions similar to this:

    update schemepermissions set perm_parameter='jira-system-administrators' where permission=44;
    update schemepermissions set perm_parameter='jira-administrators' where permission=0;
    update schemepermissions set perm_parameter='jira-users' where permission=1;
  3. (Oracle only): Execute a COMMIT so that the transactions are completed.
  4. Restart JIRA.

If no users or groups exist in JIRA

There may be no users or groups in your Internal Directory. If this is the case, you need to add one:

  1. Add a new 'localadmin' user with the password sphere:

    insert into cwd_user values (999999,1,'localadmin','localadmin',1,'2012-01-04 19:49:05-08','2012-01-04 19:49:05-08','local','local','admin','admin','local admin','local admin','localadmin@localadmin.com','localadmin@localadmin.com','uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==',NULL,NULL);
    insert into app_user values(999999,'localadmin','localadmin');

    (warning) If you are using Oracle database use the following:

    insert into cwd_user values (999999,1,'localadmin','localadmin',1,TO_DATE('2012-01-04 19:49:05','yyyy-mm-dd hh24:mi:ss'),TO_DATE('2012-01-04 19:49:05','yyyy-mm-dd hh24:mi:ss'),'local','local','admin','admin','local admin','local admin','localadmin@localadmin.com','localadmin@localadmin.com','uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==',NULL,NULL);
    insert into app_user values(999999,'localadmin','localadmin');
  2. Add new groups:

    insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
    values ( '888888','jira-administrators','jira-administrators',1,0,'2011-03-21 12:20:29','2011-03-21 12:20:29',NULL,NULL,'GROUP',1);
    insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
    values ( '777777','jira-users','jira-users',1,0,'2011-03-21 12:20:29','2011-03-21 12:20:29',NULL,NULL,'GROUP',1);

    (warning) If you are using Oracle database use the following:

    insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
    values ( '888888','jira-administrators','jira-administrators',1,0,TO_DATE('2011-03-21 12:20:29','yyyy-mm-dd hh24:mi:ss'),TO_DATE('2011-03-21 12:20:29',
    'yyyy-mm-dd hh24:mi:ss'),NULL,NULL,'GROUP',1);
    insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
    values ( '777777','jira-users','jira-users',1,0,TO_DATE('2011-03-21 12:20:29','yyyy-mm-dd hh24:mi:ss'),TO_DATE('2011-03-21 12:20:29',
    'yyyy-mm-dd hh24:mi:ss'),NULL,NULL,'GROUP',1);
  3. Add groups to the appropriate Global Permissions:

    insert into schemepermissions (id, scheme, permission, perm_type, perm_parameter) values (444444,NULL,44,'group','jira-administrators');
    insert into schemepermissions (id, scheme, permission, perm_type, perm_parameter) values (333333,NULL,1,'group','jira-users');
  4. Add the group memberships for the 'localadmin' user:

    insert into cwd_membership values (666666,888888,999999,'GROUP_USER','','jira-administrators','jira-administrators','localadmin','localadmin',1);
    insert into cwd_membership values (555555,777777,999999,'GROUP_USER','','jira-users','jira-users','localadmin','localadmin',1);
  5. Enable the JIRA Internal Directory:

    update cwd_directory set active = 1 where id = 1;
  6. (Oracle only): Execute a COMMIT so that the transactions are completed.
  7. Restart JIRA.

Scenario B: I know which user has the JIRA Administrators or JIRA System Administrators global permission, but I have forgotten the password

(warning) Note that this will only work for users in the Internal directory. The following methods will not work with external user directories (eg in an LDAP server), since authentication is performed externally. You can find which directory a user belongs to with the following SQL:

select u.user_name, d.directory_name from cwd_user u inner join cwd_directory d on u.directory_id = d.id order by directory_name, user_name;

The password can be reset with either of the following:

1. Send it via email

This is the recommended approach.

If you have configured JIRA to send email, just click on the Forgot Password link on the login page, enter your username and click the Send it to me button. You will receive an email which will help you reset your password.

2. Set the password directly in the database

This is a last resort only - try the above recommended approach first.

  1. You can also update the password hash stored for a user in your database. Run the following command to set the user called XXXX's password to the word sphere.

    update cwd_user set credential='uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==' where user_name='XXXX';
  2. (Oracle only): Execute a COMMIT so that the transactions are completed.
  3. Restart JIRA.
Last modified on May 30, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.