Documentation for JIRA 5.0. Documentation for other versions of JIRA is available too.

On this page:

Using Crowd for SSO

  • If JIRA is configured for SSO through Crowd, you will only be able to authenticate as users from the Crowd server.
  • This document covers how to recover administration rights from the local 'JIRA Internal Directory' only. However, you will not be able to authenticate as a local JIRA administrator while Crowd SSO is enabled. Please refer to Integrating Crowd with Atlassian JIRA for details on how to configure or disable Crowd SSO.

Scenario A: I don't know which user has the JIRA Administrators or JIRA System Administrators global permission

You first need to find out which group(s) have been granted the global permission.

The JIRA System Administrators global permission was added to JIRA in version 3.12. Anyone granted the JIRA System Administrators global permission can perform all administration tasks in JIRA, whereas anyone granted the JIRA Administrators global permission can perform most but not all administration tasks. Prior to version 3.12, anyone granted the JIRA Administrators global permission can perform all administration tasks.

To find out which group(s) have been granted the JIRA Administrators global permission, run the following database query:

select perm_parameter from schemepermissions where PERMISSION=0;

To find out which group(s) have been granted the JIRA System Administrators global permission, run the following database query:

select perm_parameter from schemepermissions where PERMISSION=44;

Now that you know which group(s) have the global permission, run the following database query to find out which users are in that group (replace "jira-administrators" with the group returned by the above query):

select child_name from cwd_membership where parent_name='jira-administrators';

If you don't know the password for the user(s) returned by this query, move on to Scenario B.

If there are no Internal JIRA Administrators

If you're using Crowd or an external user management system, there may be no users with administrator permissions.
Find the groups in the external management system that you want to grant the administrator permissions and do the following:

  1. Shutdown JIRA.

  2. Use SQL to assign the appropriate group to the administrator permissions similar to this:

    update schemepermissions set perm_parameter='jira-system-administrators' where permission=44;
update schemepermissions set perm_parameter='jira-administrators' where permission=0;
update schemepermissions set perm_parameter='jira-users' where permission=1;
  3. Restart JIRA.

If you are still not able to log in with the user, please make sure that the new user is present in the 'userbase' table and is member of the group 'jira-users' in the 'membershipbase' table.

If no users or groups exist in JIRA

There may be no users or groups in your Internal Directory. If this is the case, you need to add one:

  1. Add a new 'localadmin' user with the password sphere

    insert into cwd_user values (999999,1,'localadmin','localadmin',1,'2012-01-04 19:49:05-08','2012-01-04 19:49:05-08','local','local','admin','admin','local admin','local admin','localadmin@localadmin.com','localadmin@localadmin.com','uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==');

  2. Add new groups

    insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
values ( '888888','jira-administrators','jira-administrators',1,0,'2011-03-21 12:20:29','2011-03-21 12:20:29',NULL,NULL,'GROUP',1);
insert into cwd_group(id, group_name, lower_group_name, active, local, created_date, updated_date, description, lower_description, group_type, directory_id)
values ( '777777','jira-users','jira-users',1,0,'2011-03-21 12:20:29','2011-03-21 12:20:29',NULL,NULL,'GROUP',1);

  3. Set groups to have the appropriate Global Permissions

    insert into schemepermissions (id, scheme, permission, perm_type, perm_parameter) values (444444,NULL,44,'group','jira-administrators');
insert into schemepermissions (id, scheme, permission, perm_type, perm_parameter) values (333333,NULL,1,'group','jira-users');

  4. Add the group memberships for 'localadmin'

    insert into cwd_membership values (666666,888888,999999,'GROUP_USER','','jira-administrators','jira-administrators','localadmin','localadmin',1);
insert into cwd_membership values (555555,777777,999999,'GROUP_USER','','jira-users','jira-users','localadmin','localadmin',1);

Scenario B: I know which user has the JIRA Administrators or JIRA System Administrators global permission, but I have forgotten the password

(warning) Note that this will only work for users in the Internal directory. The following methods will not work with external user directories (eg in an LDAP server), since authentication is performed externally. You can find which directory a user belongs to by comparing the directory_id in cwd_user to those in cwd_directory.

Here are two different ways you can solve this problem:

1. Send it via email

This is the recommended approach

If you have configured JIRA to send email, just click on the Forgot Password link on the login page, enter your username and click the Send it to me button. You will receive an email which will help you reset your password.

2. Set the password directly in the database

This is a last resort only.

You can also update the password hash stored for a user in your database. Run the following command to set the user called XXXX's password to the word sphere.

update cwd_user set credential='uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==' where user_name='XXXX';

Then restart your JIRA instance.



See our Getting Help page for details.



Raise an issue for our developers.



See answers from the community.



Tweet, blog and update our documentation.

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.