BTW – sign-up to the blog is currently not working, so you cannot comment.
I’m trying to make our installation JIRA as self-supporting as possible. This means things like using SSO so there are no separate passwords for users to remember, and of course forget, and automatic creation of users on their first visit to jira. Of course, this is only possible for sites whose users are all internal.
Something else that we need to do is deactivate users who have left the firm. That’s not for security reasons, but to:
- keep the number of users in jira-users below the soft limit for the ajax user picker – 5000.
- help keep drop-down lists like assignee manageable, project managers won’t remember to update the roles for their project when someone leaves.
- keep tabs on which projects are active – eg if there are no projects admins for a project, perhaps it’s time to close that project down or assign someone else.
- and regularatory reasons – we need to confirm on a periodic basis that each user should still be members of their roles – the fewer the active users, the easier that is.
The logic is simple enough – for each user in jira-users, work out if the user should be retired, if so remove them from all groups and roles they are in.
I never delete them. Although from the Web UI you can delete them if they are not the reporter or assignee of any issues, I prefer not to.
How do you know if someone should be retired? In our case, I do an LDAP query against the user name. Leavers are moved to a node called RetiredUsers or something, so if their distinguishedName comes back with that in it, they’re considered to have left. I don’t think this is a “standard” though, so I’ve just left a stub in the script called userStillValid, which you would need to implement.
Installation
The script is then set to be run as a service by GroovyService. To get more control over when this is run, I set the service to run daily (every 1440 minutes), but the script bails out at the top unless it’s the first day of the month.
loading http://blogs.onresolve.com/jechlin/62/DeactivateOldUsers.groovy…
Nice.
Improvement: Even if you move a user out of jira-users group, his subscribed filter\s will still run which could slow down JIRA. Need to unsubscribe any subscribed filter. Remove all his shared\private filter\s if no other user marked it as favorite or subscribed to them.
You might also want to change the e-mail of the user to avoid any e-mail sending to the user after leaving the company.
Royce,
That’s a good idea. Will incorporate it when I update this.
cheers, jamie