Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48828

Bitbucket Team/Folder project: View Configuration pages shows Access Denied, Jenkins throws hudson.security.AccessDeniedException2

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Blocker
    • Resolution: Unresolved
    • Component/s: bitbucket-plugin
    • Environment:
    • Similar Issues:

      Description

      Summary:
      On a Jenkins instance where Security is set to "Logged in users can do anything," the logged in user admin is shown Access Denied: admin is missing the Job/Configure permission when viewing repositories inside of a Bitbucket Team project. At the same time this is shown, the Jenkins log shows a hudson.security.AccessDeniedException2.

      Steps to recreate:
      1. Go to Global Security, and set it to "Logged-in users can do anything."

      2. Set up a Bitbucket Team/Project job:

      3. Go through the Configuration screen and set up the project in a normal way:

      4. Verify that the project has been created:

      5. Verify that you can at least run some builds for repos inside of this Team Project. In this case I'm looking at a particular branch:

      6. (Optional) If you have shell access to the instance, tail -f the Jenkins log.

      7. Go back up to the top level of the project, select the drop down next to one of the repositories, and pick "View Configuration:"

      8. In the Branch Sources section, directly under the "Repository Name" pulldown, notice there's sort of a second Jenkins UI being shown, which says "Access Denied."

      9. The Jenkins log will display the following information on loading the View Configuration page:

      Jan 05, 2018 7:25:45 PM org.eclipse.jetty.server.handler.ContextHandler$Context log
      INFO: While serving http://172.18.40.95:8080/job/bitbucket-access-denied-demo/job/test-of-pull-requests/descriptorByName/com.cloudbees.jenkins.plugins.bitbucket.BitbucketSCMSource/fillRepositoryItems: hudson.security.AccessDeniedException2: admin is missing the Job/Configure permission
      

      This is an issue for two reasons. First, there shouldn't be this second UI at all. Second, it's not clear why a logged-in user on a system which has been set to "Logged in users can do anything" would be denied access to anything

        Attachments

          Activity

          Hide
          mquinn_akkadianlabs Mitchell Quinn added a comment -

          Ronnie Zhou can you give an example?

          Show
          mquinn_akkadianlabs Mitchell Quinn added a comment - Ronnie Zhou can you give an example?
          Hide
          jmkgreen James Green added a comment -

          We have just encountered this - using Role based permissions and a Bitbucket Folder project. Is the suggestion that the bit where permission denied is shown can only be adjusted through the Jenkinsfile? I.e. it's really the wrong error message?

          Show
          jmkgreen James Green added a comment - We have just encountered this - using Role based permissions and a Bitbucket Folder project. Is the suggestion that the bit where permission denied is shown can only be adjusted through the Jenkinsfile? I.e. it's really the wrong error message?
          Hide
          teeem Timothy Tabing added a comment -

          Same issue here. Any update?
          I am running 

          Jenkins: 2.181

          Bitbucket Branch Source: 2.4.4

           

          Show
          teeem Timothy Tabing added a comment - Same issue here. Any update? I am running  Jenkins: 2.181 Bitbucket Branch Source: 2.4.4  
          Hide
          teeem Timothy Tabing added a comment -

          I am still facing the same issue after upgrading

          Jenkins: 2.209

          Bitbucket Branch Source Plugin: 2.6.0

          Show
          teeem Timothy Tabing added a comment - I am still facing the same issue after upgrading Jenkins: 2.209 Bitbucket Branch Source Plugin: 2.6.0
          Hide
          thomhane Thomas Haney added a comment - - edited

          For the comments regarding having to setup permission in the jenkinsfile, That only sets the permissions on the branch plans, The multi branch pipelines that get created by the plugin don't inherit the permissions of the child based on the jenkinsfile. The default should be to always inherit from the parent.

          Show
          thomhane Thomas Haney added a comment - - edited For the comments regarding having to setup permission in the jenkinsfile, That only sets the permissions on the branch plans, The multi branch pipelines that get created by the plugin don't inherit the permissions of the child based on the jenkinsfile. The default should be to always inherit from the parent.

            People

            • Assignee:
              Unassigned
              Reporter:
              kshultz Karl Shultz
            • Votes:
              24 Vote for this issue
              Watchers:
              29 Start watching this issue

              Dates

              • Created:
                Updated: