This page last changed on Jul 30, 2009 by amyers.

On this page:

Scenario A: I don't know which user has the JIRA Administrators or JIRA System Administrators global permission

You first need to find out which group(s) have been granted the global permission.

The JIRA System Administrators global permission was added to JIRA in version 3.12. Anyone granted the JIRA System Administrators global permission can perform all administration tasks in JIRA, whereas anyone granted the JIRA Administrators global permission can perform most but not all administration tasks. Prior to version 3.12, anyone granted the JIRA Administrators global permission can perform all administration tasks.

To find out which group(s) have been granted the JIRA Administrators global permission, run the following database query:

select perm_parameter from schemepermissions where PERMISSION=0;

To find out which group(s) have been granted the JIRA System Administrators global permission, run the following database query:

select perm_parameter from schemepermissions where PERMISSION=44;

Now that you know which group(s) have the global permission, run the following database query to find out which users are in that group (replace "jira-administrators" with the group returned by the above query):

select user_name from membershipbase where group_name='jira-administrators';

If you don't know the password for the user(s) returned by this query, move on to Scenario B.

Scenario B: I know which user has the JIRA Administrators or JIRA System Administrators global permission, but I have forgotten the password

Here are two different ways you can solve this problem:

1. Send it via email

If you have configured JIRA to send email, just click on the Forgot Password link on the login page, enter your username and click the Send it to me button. Your password will be emailed to you.

2. Set the password directly in the database

You can also update the password hash stored for a user in your database. Run the following command to set the user called XXXX's password to the word sphere. Remember to restart Jira after making any changes directly to the database.

update userbase set password_hash='uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==' where username='XXXX';

Then restart your JIRA instance.

Alternative approach for JIRA versions earlier than JIRA 3.12: temporarily remove security restrictions

If you temporarily remove security restrictions from the JIRA instance, you will be able to carry out administrative actions without logging in. The login panel will be displayed if you go to the home page, but you can go to any page without logging in if you know the full URL for that page. Using this technique, you can correct the problem, then re-enable security restrictions.

This approach will only work for JIRA versions earlier than JIRA 3.12.

1. Remove security restrictions

1.    Locate the WEB-INF/classes/seraph-config.xml file. (In JIRA 2.4.1 and earlier, it is called security-config.xml.)

2.    Comment out everything between the <services> tags:

<security-config>
    ...
    <services>
       <!--
        <service class="com.atlassian.seraph.service.PathService">
            <init-param>
                <param-name>config.file</param-name>
                <param-value>/seraph-paths.xml</param-value>
            </init-param>
        </service>

        <service class="com.atlassian.seraph.service.WebworkService">
            <init-param>
                <param-name>action.extension</param-name>
                <param-value>jspa</param-value>
            </init-param>
        </service>
         -->
    </services>
    ...
</security-config>

3.   Restart JIRA.

You will now be able to access all of JIRA without logging on. However you will have to know the full URL for the pages you want to access.

2. Restore administrative privileges

1. Find out which group(s) have been granted the JIRA Administrators global permission

  1. In your web browser, go to http://<your-server>/secure/admin/jira/GlobalPermissions.jspa
  2. Find out which group(s) have been granted the JIRA Administrators global permission (if no one has changed this one your instance, it will be the jira-administrators group), or grant this global permission to a group.

2. Grant back administrative privileges

You have a couple of options:

Option 1. Add admin privileges to an existing user:

  1. Go to http://<your-server>/secure/admin/user/UserBrowser.jspa
  2. Select a user.
  3. Click on Edit Groups and add the user to the group that has the JIRA Administrators global permission.

Option 2. Creating a new admin user:

  1. Go to http://<your-server>/secure/admin/user/UserBrowser.jspa
  2. Click on Add User, fill in the form, then click Create.
  3. Click on Edit Groups, and add the user to the group that has the JIRA Administrators global permission.

3. Re-apply security restrictions

After you have fixed up the permissions, remember to re-enable the commented-out section in seraph-config.xml, and restart JIRA.

Document generated by Confluence on Oct 06, 2009 00:26