Hello Matt I want an SQL query for that since my admins want to automate the process

Me too!

And fields, and the configuration of dashboard gadgets, and use in saved filters, and, and, and...

Hello @Rinaldi James Michael , thanks a lot for sharing your work. The scripts saved me a lot of our time.

(COMMENT DELETED)

Do these scripts cover all the aspects listed before?

@Nic Brough -Adaptavist- -Adaptavist- : for Jira it covered the following aspects:  Project Roles, Global Permissions, Custom Fields. Shared Dashboards, Shared Filters, Filter Subscriptions, Application Access, Saved Filters (JQL), Notification Schemes, Permissions Scheme, Permission Scheme granted to group, Comment visibility, Issue security level and Work log visibility. That was well enough for the preparation of our migration.

@Rinaldi James Michael : there's a few things, that @Andree Knoche improved in the final Jira group script to make that script work for us: 

• Line 34 (the type "String" was wrong)

 HashMap<String, HashSet<String>> groupHashMap = new HashMap<>();

• Line 49 (we are using an Oracle DB, which dodn't work with the contact of three parameters. Don't know if the original line works for other DBs, though)

CONCAT (CONCAT(p.pkey, '-'), ji.issuenum)

• Line 99: a try/catch to get the error messages and some logging. 

(COMMENT DELETED)

It's only the Line 49 that is different, since we use Oracle DB. Oracle users just have to switch the CONCAT to what Andree added and your script works smoothly.

I am no Groovy Expert, but in my eyes Line 34 should not be working in any setup, since you initialize it with "String": 

 HashMap<String, String> groupHashMap = new HashMap<>();

 But then add a new HashSet<String>:

groupHashMap.put(allGroupsInJira[g],new HashSet<String>());

o

Problem is that article doesn't reference the complexities or how to actually answer the question.  That's why Google lands here - it explains it properly.

Your answer explains the complexity on the details and nuances in the question -- I wholeheartedly agree.

The kb-article gave me the answer I needed, based on a very similar question to this community post, nevertheless :) 

I usually never comment on forums but can attest that this post is worthless and I don't understand why the question is so hard. All I want to see is the all the permission schemes (and potentially others schemes like notifications) that have a reference to the group in question. Inside the JIRA admin all you see is that the group in question has no product access which is flat garbage because the users access the product every day and are on multiple permission schemes. My use case might be far less complex than ones above, but maybe simplicity is a good place to begin?

We are looking at permissions of the current groups to see if all are necessary and that the permissions aren't being duplicated over multiple groups.

That a number of the groups have only the comment "This group currently has no product access" is not helpful.  

We have the cloud version which doesn't allow for running SQL against the Database.

So any development which would allow clear showing of what permissions each group has would be very welcome.

Kind Regards

The question is hard to answer because it does not have any context.  So the answers you're seeing here are either highly generic (because there's no context) or trying to ask for that context.

I think it's probably important to be very clear about the context of the question.  What problem are you trying to solve?  (In fact, is it really a problem?  "I want to cut down the number of groups" is not the actual problem, the problem behind that is likely more to be "the admin is struggling to maintain all the people in the groups".  Getting a list of permissioned groups probably isn't going to help much with that, it would be far better to review the groups without looking at permissions, get the groups tidied into what you actually need from them, get the space admins to review their spaces to see that the new/changed groups have the right access, and then kill off the ones you don't need later.  Or, even, stop using groups apart from the bare minumum of "can use the application" and maybe a small handful of wide-ranging standard groups, and get the space admins to add the people they need when they need them.

A list of 100,000 lines listing every permission every user and every group in every space is not really going to help you rationalise, the permissions aren't really the problem you're trying to solve in these cases.

As a Jira Admin,
I want to see all permitted access a particular group of users has,
So that I can ensure they do not have more access than I intend.

Jira OOTB is not very secure-by-default once you let in users outside your org.  You need to lock down various things - conveniently via groups.

For example, group "external-users-client1" should have permission to see only a Jira project dedicated for collaborating with Client1.

I want to be able to address concerns like:  Did I set that up properly, or possibly create a huge security hole that is not obvious?

Hi Nic, 

I am currently an Intern and trying my hands in every Area of JIRA, I tried my hands in JIRA, EasyBI, BigPicture, so My JIRA admin gave me a assignment to figure out where all the groups are getting used in JIRA for Ex.

1. Permission schemes
2. Any other shares:

• Filters
• Dashboards
• Agile Boards
• Tempo
• eazyBI

I want to extract the list. 

I found this link but I have to insert all the roles and run separate query for for each which kind of make it complicated.

https://confluence.atlassian.com/jirakb/how-to-identify-group-usage-in-jira-441221524.html

Need some work around for this.

Right, that's a significant project in itself, even in a small Jira.

Your list is a start, but you also need to look at

• Fields
• Filters referring to fields (of many types)
• Notifications
• Subscriptions
• Workflows (conditions, validators, post functions, triggers)
• Integrations (application links for example)
• Outgoing calls
• And
• And
• And

As you can tell, this is not a simple task.  However, it is generally of limited use too, and hence pretty much a massive waste of time.

Go back to the real question. "I want to know where groups/users are used" is not the real question.  Why do you want to know where they're used?  What's the point?  Why does it matter?

The JIRA admin wants it for tracking process and she wants to automate the process instead of looking into JIRA manually

Automate what?

I mean the process of looking all the Usage of the groups she wants it in excel tabular format

I'm afraid that's a circular answer - "Why do you want to know where they are used?" is not answered by "I want to look at where they are used".

Could you tell us why this matters and how it would be more useful than going into the configuration to check, understand and amend access?

as I mentioned I am an intern and this is assignment given to me by JIRA admin. I suppose may be want to present the report to management or to save time. I am not sure why they want it that way.

Then ask them.

Take this conversation to them.  Point out that "where a group is used" is a very complex thing to try to extract from Jira (even before you install any add-ons).

It is still possible, but it's going to take you a LOT longer to form SQL than it is to investigate every place where they might be used manually, and than any investigation is going to take a very very long time.

If you knew why you were doing this, you would probably save a lot of time because you could focus on the actual question.

a use case could be that a group (coming from AD) will be deleted and you want to replace it with another one... so it would be good to know in advance and replace it before it will be deleted, especially when you have a big Jira and propably a high impact on this

In that case, you'll want to be work through all the UI options anyway, because you'll be needing to change the settings for the new group.  A long list of where it might have to change is not going to help you.