SonarQube "Insufficient privileges"
16,437
User which runs analysis needs permissions:
- global:
Execute Analysis
- project:
BROWSE
andSEE SOURCE CODE
Tested on SonarQube 5.1.1.
Related videos on Youtube
Author by
Yves Schumann
Updated on June 04, 2022Comments
-
Yves Schumann almost 2 years
A lot of our build jobs fail at the moment as of the "Insufficient privileges" problem since the update to 5.x. The problem should be fixed in SonarQube 5.1 as stated in here but either it is in fact not fixed or there is another problem with the same error as we currently run SonarQube 5.1.1.
Here's an example of the error message:
08:27:13 [ERROR] Failed to execute goal org.codehaus.mojo:sonar-maven-plugin:2.6:sonar (default-cli) on project server: Fail to decorate 'org.sonar.api.resources.File@b77a66[key=src/main/java/ch/ti8m/security/hwtoken/server/services/impl/TOTPAlgorithm.java,path=src/main/java/ch/ti8m/security/hwtoken/server/services/impl/TOTPAlgorithm.java,filename=TOTPAlgorithm.java,language=Java]': Insufficient privileges -> [Help 1] 08:27:13 org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.codehaus.mojo:sonar-maven-plugin:2.6:sonar (default-cli) on project server: Fail to decorate 'org.sonar.api.resources.File@b77a66[key=src/main/java/ch/ti8m/security/hwtoken/server/services/impl/TOTPAlgorithm.java,path=src/main/java/ch/ti8m/security/hwtoken/server/services/impl/TOTPAlgorithm.java,filename=TOTPAlgorithm.java,language=Java]' 08:27:13 at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:216) 08:27:13 at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153) 08:27:13 at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145) 08:27:13 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116) 08:27:13 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80) 08:27:13 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) 08:27:13 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:120) 08:27:13 at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:355) 08:27:13 at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:155) 08:27:13 at org.apache.maven.cli.MavenCli.execute(MavenCli.java:584) 08:27:13 at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:216) 08:27:13 at org.apache.maven.cli.MavenCli.main(MavenCli.java:160) 08:27:13 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 08:27:13 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 08:27:13 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 08:27:13 at java.lang.reflect.Method.invoke(Method.java:606) 08:27:13 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289) 08:27:13 at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229) 08:27:13 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415) 08:27:13 at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) 08:27:13 Caused by: org.apache.maven.plugin.MojoExecutionException: Fail to decorate 'org.sonar.api.resources.File@b77a66[key=src/main/java/ch/ti8m/security/hwtoken/server/services/impl/TOTPAlgorithm.java,path=src/main/java/ch/ti8m/security/hwtoken/server/services/impl/TOTPAlgorithm.java,filename=TOTPAlgorithm.java,language=Java]' 08:27:13 at org.codehaus.mojo.sonar.bootstrap.ExceptionHandling.handle(ExceptionHandling.java:41) 08:27:13 at org.codehaus.mojo.sonar.bootstrap.RunnerBootstraper.execute(RunnerBootstraper.java:139) 08:27:13 at org.codehaus.mojo.sonar.SonarMojo.execute(SonarMojo.java:132) 08:27:13 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:132) 08:27:13 at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208) 08:27:13 ... 19 more 08:27:13 Caused by: org.sonar.api.utils.SonarException: Fail to decorate 'org.sonar.api.resources.File@b77a66[key=src/main/java/ch/ti8m/security/hwtoken/server/services/impl/TOTPAlgorithm.java,path=src/main/java/ch/ti8m/security/hwtoken/server/services/impl/TOTPAlgorithm.java,filename=TOTPAlgorithm.java,language=Java]' 08:27:13 at org.sonar.batch.phases.DecoratorsExecutor.executeDecorator(DecoratorsExecutor.java:104) 08:27:13 at org.sonar.batch.phases.DecoratorsExecutor.decorateResource(DecoratorsExecutor.java:87) 08:27:13 at org.sonar.batch.phases.DecoratorsExecutor.decorateResource(DecoratorsExecutor.java:79) 08:27:13 at org.sonar.batch.phases.DecoratorsExecutor.decorateResource(DecoratorsExecutor.java:79) 08:27:13 at org.sonar.batch.phases.DecoratorsExecutor.execute(DecoratorsExecutor.java:71) 08:27:13 at org.sonar.batch.phases.DatabaseModePhaseExecutor.execute(DatabaseModePhaseExecutor.java:127) 08:27:13 at org.sonar.batch.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:264) 08:27:13 at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92) 08:27:13 at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77) 08:27:13 at org.sonar.batch.scan.ProjectScanContainer.scan(ProjectScanContainer.java:235) 08:27:13 at org.sonar.batch.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:230) 08:27:13 at org.sonar.batch.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:228) 08:27:13 at org.sonar.batch.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:220) 08:27:13 at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92) 08:27:13 at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77) 08:27:13 at org.sonar.batch.scan.ScanTask.scan(ScanTask.java:57) 08:27:13 at org.sonar.batch.scan.ScanTask.execute(ScanTask.java:45) 08:27:13 at org.sonar.batch.bootstrap.TaskContainer.doAfterStart(TaskContainer.java:135) 08:27:13 at org.sonar.api.platform.ComponentContainer.startComponents(ComponentContainer.java:92) 08:27:13 at org.sonar.api.platform.ComponentContainer.execute(ComponentContainer.java:77) 08:27:13 at org.sonar.batch.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:158) 08:27:13 at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:95) 08:27:13 at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:67) 08:27:13 at org.sonar.runner.batch.IsolatedLauncher.execute(IsolatedLauncher.java:48) 08:27:13 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 08:27:13 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 08:27:13 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 08:27:13 at java.lang.reflect.Method.invoke(Method.java:606) 08:27:13 at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher.java:87) 08:27:13 at org.sonar.runner.impl.BatchLauncher$1.run(BatchLauncher.java:75) 08:27:13 at java.security.AccessController.doPrivileged(Native Method) 08:27:13 at org.sonar.runner.impl.BatchLauncher.doExecute(BatchLauncher.java:69) 08:27:13 at org.sonar.runner.impl.BatchLauncher.execute(BatchLauncher.java:50) 08:27:13 at org.sonar.runner.api.EmbeddedRunner.doExecute(EmbeddedRunner.java:102) 08:27:13 at org.sonar.runner.api.Runner.execute(Runner.java:100) 08:27:13 at org.codehaus.mojo.sonar.bootstrap.RunnerBootstraper.execute(RunnerBootstraper.java:135) 08:27:13 ... 22 more 08:27:13 Caused by: java.lang.IllegalStateException: Insufficient privileges 08:27:13 at org.sonar.batch.bootstrap.ServerClient.handleHttpException(ServerClient.java:137) 08:27:13 at org.sonar.batch.bootstrap.ServerClient.request(ServerClient.java:107) 08:27:13 at org.sonar.batch.bootstrap.ServerClient.request(ServerClient.java:99) 08:27:13 at org.sonar.batch.bootstrap.ServerClient.request(ServerClient.java:87) 08:27:13 at org.sonar.batch.issue.tracking.DefaultServerLineHashesLoader.loadHashesFromWs(DefaultServerLineHashesLoader.java:47) 08:27:13 at org.sonar.batch.issue.tracking.DefaultServerLineHashesLoader.getLineHashes(DefaultServerLineHashesLoader.java:38) 08:27:13 at org.sonar.batch.issue.tracking.SourceHashHolder.initHashes(SourceHashHolder.java:52) 08:27:13 at org.sonar.batch.issue.tracking.SourceHashHolder.getHashedReference(SourceHashHolder.java:60) 08:27:13 at org.sonar.batch.issue.tracking.IssueTracking.mapIssues(IssueTracking.java:83) 08:27:13 at org.sonar.batch.issue.tracking.IssueTracking.track(IssueTracking.java:55) 08:27:13 at org.sonar.batch.issue.tracking.IssueTrackingDecorator.doDecorate(IssueTrackingDecorator.java:139) 08:27:13 at org.sonar.batch.issue.tracking.IssueTrackingDecorator.decorate(IssueTrackingDecorator.java:113) 08:27:13 at org.sonar.batch.phases.DecoratorsExecutor.executeDecorator(DecoratorsExecutor.java:96) 08:27:13 ... 57 more 08:27:13 [ERROR] 08:27:13 [ERROR] Re-run Maven using the -X switch to enable full debug logging. 08:27:13 [ERROR] 08:27:13 [ERROR] For more information about the errors and possible solutions, please read the following articles: 08:27:13 [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException 08:27:13 SonarQube analysis completed: FAILURE 08:27:13 Build step 'SonarQube' changed build result to FAILURE 08:27:13 Build step 'SonarQube' marked build as failure
Any ideas on how to fix it? The workaround to gave permission to anyone is a NoGo as the whole system must respect some NDAs and so the access is restricted.
-
Julien L. - SonarSource Team almost 9 yearsHi, are you sure that the user used to run the analysis has the "Browse" permission on the project ?
-
Yves Schumann almost 9 yearsHi Julien, yes I'm sure. Verified this once again and the configured "SonarQube account login" on our Jenkins installation has "Browse" permission on every Sonarqube project. Please let me know if you need further details!
-
Seb - SonarSource Team almost 9 yearsblindly troubleshooting here: does the analysis actually succeed if you try and use another user with higher permissions?
-
Yves Schumann almost 9 yearsHi Seb, I've tried it with the admin credentials and the analysis was successfully finished. So how to go ahead?
-
-
Yves Schumann almost 9 yearsChecked this once again and the permissions are exactly like this but the Sonar analysis is still failing with insufficient permissions.
-
agabrys almost 9 yearsIs user a member of
sonar-users
? -
Yves Schumann almost 9 yearsYes, it is member of sonar-users.
-
agabrys almost 9 yearsCould you add the log with debug enabled? Sometimes when I can not solve the problem, I perform these steps: stop SonarQube server, remove directory
data/es
(it will be generated during startup) and start the server. It sounds silly, but already I solved the 3 problems in this way. -
agabrys almost 9 yearsNaxt silly question: could you login to SonarQube Web with this user? Mayby you have a problem with password?
-
Yves Schumann almost 9 yearsGotcha! That was the neccessary hint. Something with the credentials of the used account was wrong. After a reset of the credentials in the used Active Directory and re-entering them on Jenkins, everything works as expected.
-
l.cotonea almost 9 years@YvesSchumann: Then is it only a problem with LDAP or a problem with the LDAP and the user permission (global and project)?
-
ρяσѕρєя K over 8 yearsThis should be a comment.