'User is missing the Overall/Read permission' error with Jenkins GitHub OAuth Plugin
Solution 1
This is how I resolved the authentication problem:
Edit
config.xml
file, e.g.sudo vi /var/lib/jenkins/config.xml
Change
useSecurity
element's value tofalse
, e.g.<useSecurity>false</useSecurity>
Remove
authorizationStrategy
block
Restart Jenkins:
/etc/init.d/jenkins restart
.- Access Jenkins through URL as usual and reconfigure security again.
Solution 2
I had the same problem with "... is missing the Overall/Read permission" on Jenkins (1.651.2) with activated Credentials Plugin.
But it was my own failure: I only configured the user on project side (by credential plugin) but missed to configure the global security.
So I fixed it by selecting:
Jenkins -> Manage Jenkins -> Configure Global Security
And did setup missing global settings (or project matrix based one)
Solution 3
Have you followed this step, from the plugin page?
Control user authorization (i.e. who is allowed to see the jobs and build them) using the Github Commiter Authorization Strategy
Also, make sure you actually allow authenticated users to access Jenkins
- Under Jenkins global configuration, under Authorization, add user/group called
authenticated
- Give that group Overall Read permission
- The group should show up with a "group" icon (two users), as opposed to single user icon.
Solution 4
reset from <useSecurity>true</useSecurity>
to <useSecurity>false</useSecurity>
in config.xml and set the permission again.
Solution 5
Edit file /var/lib/jenkins/config.xml and add the following lines :
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Read:john.smith</permission>
</authorizationStrategy>
Restart Jenkins
real_ate
I have been working in an almost pure JavaScript environment since 2011, focusing on NodeJS backends and EmberJS for the frontend. My first Ember app went into production in December 2011 which was before Ember 1.0 was even released, so you could say that we have been doing Ember since the beginning. I'm a developer at https://simplabs.com and a member of the Ember Core Learning Team. I have a Computer Science degree and have always specialised in application architecture, knowing how to structure apps so that you can have the most performant and productive code base.
Updated on July 09, 2022Comments
-
real_ate almost 2 years
I'm using the github oauth plugin for our logins but for all of our users in the Organisation I get an error:
Access Denied <user> is missing the Overall/Read permission
I have tried everything I can possibly think of to try to make this work and I'm probably going to fallback to making everyone an admin user, which i would prefer not to do.
Any advise would be appreciated.
-
real_ate about 10 yearsYes i added our organisation, Blooie, to the list but the members of the organisation can't login. They all get the above error
-
Slav about 10 yearsDid you setup
authenticated
group to have permissions at all? I've updated the answer -
real_ate about 10 yearsOk so now i'm really really confused... you ask if i followed the step from the plugin page and this is all that step says: cloudup.com/cfbsnzHGBxA . I'm using the github authorization strategy and my users are public members of our organisation. Now you're talking about "Global Configuration", I assume that you mean "Global Security Configuration" cloudup.com/cfFzfQ8bYol I've gone to the Authorization section in the Global Security Configuration and i don't see anything related to groups: cloudup.com/cdPRoZ0xqxT Am i missing something?
-
Jacob McKay over 9 yearsJust like on the dancefloor, back that thang up: cp -R /var/lib/jenkins /var/lib/BACKUP-jenkins
-
Jonathan almost 8 yearsI think this is simpler than removing entire blocks of XML
-
giorgiosironi almost 8 yearsNote that the question is about how to make security work, not how to restart Jenkins without security to be able to access it.
-
Alexander Bird almost 8 yearsI assume that the comments about 'authenticated' group are assuming that you are using "Project-based Matrix Authorization Strategy" -- which it sounds like you are not: i.imgsafe.org/218e656913.png
-
eugene almost 8 yearsI had the problem in the question and fixed it in the similar way as this answer mentions. However, I did that editing the config directly:
sed -i '' -e 's/:Admin/:admin/g' Home/config.xml
. a little bit more information is here: egeek.me/2015/03/07/… -
Will over 7 yearsMy user was getting an error of [email protected] is missing the Overall/Read permission. I had that user in my jenkins matrix as [email protected]. As soon as I added [email protected] to the Jenkins matrix, that user could login ok.
-
Yaron over 6 yearsI can't access that, the system is locked and all I can see is this error message.
-
Dezzamondo over 6 yearsNice and succinct. Saves faffing about with turning security off and on again, etc.
-
derHugo over 6 yearsTrue but, thanks so much I thought I had lost my jenkins installation after locking the administrator out by accident
-
gubs about 5 yearsThank you. Your solution was awesome when i added new user. I faced the same error and resolved.
-
Ashish Karpe over 4 yearsIf we do this all current users will lose their user name and password right and have to create a new password all user? what if I just have reset permission of one user only?
-
Cameron Hudson over 4 yearsNice try, Nigerian Prince.
-
Gregory Danenberg over 3 yearsWe just experienced similar issue. It happened after adding a new user to role. To resolve it I changed useSecurity to false, restarted the Jenkins, then stopped Jenkins again and reverted the parameter to be true... somehow it solved the issue. Would happy to know if someone knows RC for this problem and how to prevent in the future.
-
Gregory Danenberg over 3 yearsI googled a bit more and found why is happened on our machine. Similar case as here stackoverflow.com/a/51790352/1085076
-
Krishna about 3 yearsYes, this is the right answer without compromising the Security. Thanks