This article describes how to fix an issue with the ACL of the EC-Admin property when running EC-Admin plugin procedures.
Problem
When running EC-Admin procedures you may get the following error:
Job error [AccessDenied]: none of the principals in this authentication context ('project: EC-Admin-2.27.3.475', 'project: EC-Admin-2.27.3.475') have all the required privileges (read privilege on property 'EC-Admin', modify privilege on property 'EC-Admin') to perform the operation
Solution
EC-Admin property is a server level property so there is no direct way to access ACL definitions of it.
To modify it you have to complete the following steps:
-
Login with admin permissions to ectool - ectool login <user> <passwd>
-
Run the following command - ectool getProperty /server/propertySheet/"EC-Admin"
and you will get a similar output:
<property> <propertyId>de16fb33-4716-11e7-be59-2e9a20524153</propertyId> <propertyName>EC-Admin</propertyName> <createTime>2017-06-01T22:08:39.884Z</createTime> <lastModifiedBy>admin</lastModifiedBy> <modifyTime>2017-06-01T22:08:39.884Z</modifyTime> <owner>admin</owner> <tracked>1</tracked> <propertySheetId>de16fb34-4716-11e7-be59-2e9a20524153</propertySheetId> </property>
-
Identify the UUID of the property which is inside <propertyId> tag - <propertyId>de16fb33-4716-11e7-be59-2e9a20524153</propertyId>
-
Insert the UUID for the propertySheet and your commanderServerName in the following URL:
https://<commanderServerName>commander/link/accessControl/propertySheets/*<UUID>*?objectType=propertySheet
After you will be able to get to Access Control page for this property
Workaround for older versions of the product where the solution does not work |
In this case, you might need to change the URL proposed in the previous section (step 4) and use:
https://<commanderServerName>/commander/link/updatePropertySection/propertySheets/*<UUID>*?propertyName=EC-Admin\&s=Administration\&ss=Server
You should add the EC-Admin project to this ACL:
After completing all descibed steps you should not run into "AccessDenied" error for accessing EC-Admin property.
Please contact support@cloudbees.com if you have questions.