This sample disables a user - by setting the JIRA Context to a user with higher Level:
This is a potential thread, as its possible for anyone who can create and execure groovy scripts to elevate rights, just by knowing an admin username
import com.atlassian.crowd.embedded.api.User import com.atlassian.crowd.embedded.impl.ImmutableUser import com.atlassian.jira.bc.user.UserService import com.atlassian.jira.component.ComponentAccessor import com.atlassian.jira.user.util.UserManager import com.onresolve.scriptrunner.runner.util.UserMessageUtil import com.atlassian.crowd.embedded.api.UserWithAttributes import com.atlassian.crowd.embedded.api.CrowdService import com.atlassian.jira.user.ApplicationUsers CrowdService crowdService = ComponentAccessor.crowdService UserManager userManager = ComponentAccessor.getUserManager() UserService userService = ComponentAccessor.getComponent(UserService.class) String adminUsername = "automation" def jiraAuthenticationContext = ComponentAccessor.jiraAuthenticationContext def adminUser = ComponentAccessor.userManager.getUserByKey(adminUsername) def originalUser = jiraAuthenticationContext.loggedInUser try { //Swicth User jiraAuthenticationContext.setLoggedInUser(adminUser) } finally { // jiraAuthenticationContext.setLoggedInUser(originalUser) } if (jiraAuthenticationContext.getLoggedInUser() == ComponentAccessor.userManager.getUserByKey(adminUsername)) { //Rigts has been elevated, we can do the following code: UserService.UpdateUserValidationResult updateUserValidationResult UserWithAttributes user = crowdService.getUserWithAttributes(issue.getReporter().getName()) updateUser = ApplicationUsers.from(ImmutableUser.newUser(user).active(false).toUser()) updateUserValidationResult = userService.validateUpdateUser(updateUser) if (updateUserValidationResult.isValid()) { userService.updateUser(updateUserValidationResult) UserMessageUtil.success("The Reporter has been disabled in the User Database") } else { UserMessageUtil.error("The Reporter could not be disabled in the User Database") } } else { //Elevation of Rights failed UserMessageUtil.error("Elevation of rights failed. Contact Administrator") }