Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Getting all of the users in Jira v10+ through the API

Erazem Kos
Contributor
July 2, 2025

Hi, I want to get all of the users using the Jira Data Center through the rest API for an integration I am developing. I saw that Jira 10 has this limitation. This lead me to trying the following - 1. get all application roles, 2. get the one that has the key "jira-software" and 3. get all of the members of child groups. Will this get all of the users of the Jira DC? Will this key always remain the same, regardless of the language Jira is in or something, or can it be edited?

1 answer

0 votes
Carlos Garcia Navarro
Community Champion
July 2, 2025

Hi @Erazem Kos ,

The limitation that you pointed out includes a workaround as well. Would that work for your use case?

Workaround

  1. Use Username Filters to Fetch Subsets of Users
    By applying filters to the username parameter, you can retrieve smaller subsets of users and manually aggregate the results. For example:
    https://{baseurl}/rest/api/2/user/search?username=a*&startAt=0&maxResults=100
    
  2. Query the Jira Database Directly
    If direct access to the Jira database is available, the customer can query the cwd_user table to retrieve all users. Example query:
    SELECT user_name, display_name, email_address
    FROM cwd_user
    WHERE active = 1
    ORDER BY user_name ASC
    LIMIT 100 OFFSET 0;
    
Erazem Kos
Contributor
July 3, 2025

No I will not have direct access to the database, so that is out of the question for my use case. The subsets approach is very tough as I don't know how many total users there will be. So for example querying with "a" could match more than 100 users, and then I need to produce sub-queries and deduplicate etc.

Will my proposed solution not get all of the users?

Like John Funk likes this
Evgenii
Community Champion
July 3, 2025

Hi, @Erazem Kos 

You don't need to perform any deduplication.

When you have more than 100 users, you'll need to use pagination. Simply retrieve and parse the user list page by page until you've fetched all results.

Like # people like this
Erazem Kos
Contributor
July 3, 2025

But that pagination is not working for Jira 10. It gets truncated to 100 users - talking about the v2 user/search API that I linked to in the original post. 

Like John Funk likes this
Evgenii
Community Champion
July 3, 2025

I don't have installed 10+ Jira for tests. Can you write structure of  response here?
Of course without user data arrays.
Just JSON structure

Like John Funk likes this
Erazem Kos
Contributor
July 4, 2025

@Evgenii No need, just check the official docs (see max results parameter) and the link to the limitation where it is confirmed that this limitation exists.

Please understand that I am not asking about that endpoint at all, as I have tested it out by myself that the pagination can't query more than 100 users. That being said, my question is about the proposed workaround:

1. get all application roles, 2. get the one that has the key "jira-software" and 3. get all of the members of child groups. Will this get all of the users of the Jira DC? Will this key always remain the same, regardless of the language Jira is in or something, or can it be edited?

Evgenii
Community Champion
July 4, 2025

@Erazem Kos got it.

I'm not sure if you actually need to retrieve application roles — maybe you're referring to groups that grant access to specific apps?

If there's a single main group that controls app access (e.g., jira-software-users), you can fetch users from that group using the appropriate REST API endpoint with pagination support:

http://localhost:8088/rest/api/2/group/member?groupname=jira-software-users

However, if multiple groups are used to manage app access, then you’ll need to retrieve users from each group and combine them into a collection that removes duplicates — such as a set in most programming languages.

You can check which groups provide application access in the Application Access section:

http://localhost:8088/secure/admin/ApplicationAccess.jspa
Screenshot_57.png

Erazem Kos
Contributor
July 4, 2025

@Evgenii in my case there is a single jira-software-users group that controls application access indeed. But I imagine this can be edited in the database, so I would prefer not to rely on the name of this specific group. Instead I want to rely on the application role, as I don't think it can be edited/changed as it holds the user licensing info.

For example this is what I am seeing on the ApplicationAccess:
Screenshot 2025-07-04 at 13.46.00.png

 

And this directly corresponds with the jira-software application role API response I get. I get both groups and I also get which one is the default. My main question is whether I can rely on this or can this jira-software role be edited between instances - for example can I somehow change this role's name to jira-software-1.

Evgenii
Community Champion
July 4, 2025

Let’s start by clarifying the terminology — these are called groups (or user groups ), not application roles.

You can assign access to an application (like Jira) for any group in your instance — not just the default ones like jira-software-users.

For example, you can create custom groups such as:

  • external-users
  • contractors
  • blablabla

Then, add those groups in the Application Access section. Once done, any user in those groups will have access to Jira — even if they’re not part of other groups.

This gives you flexibility in managing access based on your organization’s structure.

And answering on your question about name change - no, it's not possible to change group name. The only option is to create new group with required name.

Erazem Kos
Contributor
July 4, 2025

@Evgenii I still don't think we are on the same page. My question is not exactly about groups. I know and understand what they are and how they interact with the permission model etc.

First let's clarify what it is that I want to achieve: I want to get all Jira Data Center users through an API, regardless of the configuration.

Since user/search API pagination is truncated, this is not an acceptable solution.

Then let's say I query the jira-software-users group's members. This would work, but according to this KBA it is possible to rename this group, so I can't rely on it to always work. So this is no really an acceptable solution either.

Finally there is the Application role named jira-software. Hitting the 

/rest/api/2/applicationrole/jira-software

in my demo instance, I get:

{"key": "jira-software",
"groups": [
"jira-administrators",
"jira-software-users"
],
"name": "Jira Software",
"defaultGroups": [
"jira-software-users"
],
"selectedByDefault": true,
"defined": true,
"numberOfSeats": -1,
"remainingSeats": -1,
"userCount": 102,
"userCountDescription": "users",
"hasUnlimitedSeats": true,
"platform": false
}

 which corresponds to the information I see at the ApplicationAccess.jspa.

My main question is - can I rely on this application role to always have all the groups I need to get all the users? I am essentially relying on jira-software application role key being the same for all instances and that it can't be edited, because the group name apparently can be.

Suggest an answer

Log in or Sign up to answer