...
Include Code | ||||
---|---|---|---|---|
|
To put use this script into productionto automatically deactivate users:
- Save
Checkout the
abovescript from the github repository to
$JIRAHOME/scripts:
deactivate_inactive_users.groovy. Make it owned by root but readable by group jira.Code Block cd $JIRAHOME/scripts git clone https://github.com/redradishtech/
jira-user-deactivator-groovy chgrp -R jira jira-user-deactivator-groovy # Ensure Jira has read access.
If you first want to see what would happen without deactivating anyone, edit
deactivate-inactive-jira-users-nonsql.groovy
and comment out theupdateUser
line:Code Block // Comment out this line to do a dry run: // userService.updateUser(updateUserValidationResult)
Go to the ScriptRunner Jobs tab, e.g. by typing 'gg' then 'Script jobs':
(ScriptRunner Jobs is just a nice UI around Jira Services. In the past one would have created a com.onresolve.jira.groovy.GroovyService Jira Service directly)
- Create a *Custom Scheduled Job:
For User pick an account with the Jira Administrators global permission. You might like to create a dedicated role account ('deactivator') as I have in the screenshot, so that the Job isn't tied to a user account, but this does cost a license slot. - Click Run Now to run the script interactively.
The Logs tab will show what actions the script took (or would have taken if you commented outupdateUser
): - If all looks good, click Add to permanently add the Job.
- Go to the Scriptrunner Script Console and do a test run:
If all looks good, go to Jira's Services admin page, and add a service of type com.onresolve.jira.groovy.GroovyServiceWarning I am finding that users are not actually deactivated, when the script is run like this as a service. The script runs successfully judging by the logs, but users are unaffected. YMMV - I have not yet debugged this, and it may affect only my Jira 8.5.1 instance.
ScriptRunner Solution with SQL Rules
...
Here is Postgres-flavoured SQL, creating a queries.inactive_users
view, of users that can be deactivated (source at https://github.com/redradishtech/jira-user-deactivator-groovy/blob/master/active_users.sql):
Include Code | ||||
---|---|---|---|---|
|
Here is a corresponding Groovy script that reads usernames from the view, and deactivates those accounts (source):
Include Code | ||||
---|---|---|---|---|
|
...
The script should be installed in $JIRAHOME/scripts/jira-user-deactivator-groovy/deactivate_inactive_users.groovy
and ande invoked automatically as a service, as described above.
...
Without any plugins, the cleanest solution would be a script utilitizing utilizing Jira's REST interface. The script would search for inactive users with Crowd CQL, then deactivate them. A REST solution would have the advantage of also working on Cloud Jira.
...
I haven't researched this much further, as instances I work with all have ScriptRunner available.
What about Confluence?
There is now a Confluence version of the inactive_users
SQL at https://github.com/redradishtech/jira-user-deactivator-groovy/blob/master/inactive_users_confluence.sql. Note that the SQL doesn't limit itself to Internal directories yet. I haven't made a Groovy deactivation script based around it yet.
Conclusion
Using ScriptRunner, we have implemented a means for Jira to automatically deactivate inactive users, thus saving license slots. This is (to my knowledge, as of ) the only implementation that handles never-logged-in users. Users who require more flexibility can use the SQL-augmented approach.
...