CMJ Integrity Check reports Duplicate object error for Agile board, but it is not accessible even though I have administrator privileges.

Owned by
Yuri Diamandiev
Last updated: Mar 14, 2019 by
Boyan Batchvarov
3 min read

Symptoms:

Duplicate Agile Board error is reported by Integrity Check, but such board is not accessible through JIRA's UI and produces a similar error:

Cause:

Agile board's visibility is based on its filter's JIRA Share Permissions, not on administrator privileges. https://confluence.atlassian.com/adminjiraserver071/managing-shared-filters-802593150.html

A user can create a filter and not share it and it won’t be accessible by anyone, admins included. Modifying the board owner and boardadmins tables won't help either, it's the share permissions that determine a filter's visibility. 

Resolution 1:

Use the following Groovy script to make only a filter with specified ID on the system be accessible to the "jira-administrators" group:

Make filter accessible to admin
import com.atlassian.crowd.embedded.api.User
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.search.SearchRequest
import com.atlassian.jira.issue.search.SearchRequestEntity
import com.atlassian.jira.issue.search.SearchRequestManager
import com.atlassian.jira.sharing.SharePermission
import com.atlassian.jira.sharing.SharePermissionImpl
import com.atlassian.jira.sharing.SharedEntity.SharePermissions
import com.atlassian.jira.sharing.type.ShareType.Name
import com.atlassian.jira.util.Visitor

// This function will share the filter with ID "filterId" with the group "jira-administrators"
def makeFilterAccessibleToAdmins(long filterId) {
    ApplicationUser user = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser();
	SearchRequestManager srm = ComponentAccessor.getComponent(SearchRequestManager.class);
	
	SearchRequest sr = srm.getSearchRequestById(filterId);
    Set<SharePermission> permissionsSet = new HashSet<SharePermission>(
        sr.getPermissions().getPermissionSet()
    );
    permissionsSet.add(new SharePermissionImpl(null, Name.GROUP, "jira-administrators", null));
    sr.setPermissions(new SharePermissions(permissionsSet));
    
    srm.update(sr);
}

// Pass the ID of the filter you want to update
makeFilterAccessibleToAdmins(FILTERIDHERE);


Resolution 2:

You can use this groovy script to make all filters global.

NB! makeAllFiltersGlobal returns the ids of all changed filters. This list can be used to revert the changes, so save it!

Make all filters global
import com.atlassian.crowd.embedded.api.User
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.search.SearchRequest
import com.atlassian.jira.issue.search.SearchRequestEntity
import com.atlassian.jira.issue.search.SearchRequestManager
import com.atlassian.jira.sharing.SharePermission
import com.atlassian.jira.sharing.SharePermissionImpl
import com.atlassian.jira.sharing.SharedEntity.SharePermissions
import com.atlassian.jira.sharing.type.ShareType.Name
import com.atlassian.jira.util.Visitor

def makeAllFiltersGlobal() {
    def changedFilters = [];
    
    ApplicationUser user = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser();
	SearchRequestManager srm = ComponentAccessor.getComponent(SearchRequestManager.class);
    
    srm.visitAll(new Visitor<SearchRequestEntity>() {
        
        void visit(SearchRequestEntity e) {            
            SearchRequest sr = srm.getSearchRequestById(e.id)
            Set<SharePermission> permissionsSet = new HashSet<SharePermission>(
                sr.getPermissions().getPermissionSet()
            );
            
            // check if the filter is already global
            if (!permissionsSet.any { it.getType() == Name.GLOBAL } ) {
            	changedFilters.add(e.getId());
            
            	permissionsSet.add(new SharePermissionImpl(Name.GLOBAL, null, null));
            	sr.setPermissions(new SharePermissions(permissionsSet));
            	
                srm.update(sr);
            }
        }
    });
    
    return changedFilters;
}


makeAllFiltersGlobal();



You can revert the changes and remove the global permissions with this script.
Remove global share permission from filters
import com.atlassian.crowd.embedded.api.User
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.issue.search.SearchRequest
import com.atlassian.jira.issue.search.SearchRequestEntity
import com.atlassian.jira.issue.search.SearchRequestManager
import com.atlassian.jira.sharing.SharePermission
import com.atlassian.jira.sharing.SharePermissionImpl
import com.atlassian.jira.sharing.SharedEntity.SharePermissions
import com.atlassian.jira.sharing.type.ShareType.Name
import com.atlassian.jira.util.Visitor

// Remove the global share permission from a filter.
def removeGlobalSharePermission(long filterId) {
    ApplicationUser user = ComponentAccessor.getJiraAuthenticationContext().getLoggedInUser();
	SearchRequestManager srm = ComponentAccessor.getComponent(SearchRequestManager.class);
	
	SearchRequest sr = srm.getSearchRequestById(filterId);
    Set<SharePermission> permissionsSet = new HashSet<SharePermission>(
        sr.getPermissions().getPermissionSet()
    );
    
    permissionsSet.removeAll { it.getType() == Name.GLOBAL };
    sr.setPermissions(new SharePermissions(permissionsSet));
    
    srm.update(sr);
}

// Remove the global share permission from a list of filters.
def removeGlobalSharePermission(List ids) {
    for (id in ids) {
        removeGlobalSharePermission((long)id);
    }
}

// List filter ids
def ids = [10000, 10001, 10002];

removeGlobalSharePermission(ids);