'User is missing the Overall/Read permission' error with Jenkins GitHub OAuth Plugin
GithubJenkinsJenkins PluginsGithub Problem Overview
I'm using the github oauth plugin for our logins but for all of our users in the Organisation I get an error:
Access Denied
<user> is missing the Overall/Read permission
I have tried everything I can possibly think of to try to make this work and I'm probably going to fallback to making everyone an admin user, which i would prefer not to do.
Any advise would be appreciated.
Github Solutions
Solution 1 - Github
This is how I resolved the authentication problem:
-
Edit
config.xml
file, e.g.sudo vi /var/lib/jenkins/config.xml
-
Change
useSecurity
element's value tofalse
, e.g.<useSecurity>false</useSecurity>
-
Remove
authorizationStrategy
block -
Restart Jenkins:
/etc/init.d/jenkins restart
. -
Access Jenkins through URL as usual and reconfigure security again.
Solution 2 - Github
Have you followed this step, from the plugin page?
Control user authorization (i.e. who is allowed to see the jobs and build them) using the Github Commiter Authorization Strategy
Also, make sure you actually allow authenticated users to access Jenkins
- Under Jenkins global configuration, under Authorization, add user/group called
authenticated
- Give that group Overall Read permission
- The group should show up with a "group" icon (two users), as opposed to single user icon.
Solution 3 - Github
I had the same problem with "... is missing the Overall/Read permission" on Jenkins (1.651.2) with activated Credentials Plugin.
But it was my own failure: I only configured the user on project side (by credential plugin) but missed to configure the global security.
So I fixed it by selecting:
> Jenkins -> Manage Jenkins -> Configure Global Security
And did setup missing global settings (or project matrix based one)
Solution 4 - Github
reset from <useSecurity>true</useSecurity>
to <useSecurity>false</useSecurity>
in config.xml and set the permission again.
Solution 5 - Github
Edit file /var/lib/jenkins/config.xml and add the following lines :
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Read:john.smith</permission>
</authorizationStrategy>
Restart Jenkins
Solution 6 - Github
What I did when I got this error is to edit config.xml as mentionned by other users and correctly re-add my username in LOWERCASE in "configureSecurity" Jenkins' page. I was using "KrustyHack" when adding permissions but it didn't work. I had to add "krustyhack" instead, and it worked.
I hope it helps.
Solution 7 - Github
I had the same problem here, but it affected only some users, not all of them. Anyway, you should check public organization membership : documentation of the plugin states that "You have to be a public member of the organization for the authorization to work correctly." (https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin).
Follow instructions from GitHub (https://help.github.com/articles/publicizing-or-hiding-organization-membership/) in order to make organization membership public, and this might fix your issue.
Solution 8 - Github
Also check the case user names in the authorizationStrategy
element. I made my new user's name lower case and restarted the service and it the error went away.
Solution 9 - Github
Fix it by these 2 shell commands on the server (sudo permission is required):
sudo ex +g/useSecurity/d +g/authorizationStrategy/d -scwq /var/lib/jenkins/config.xml
sudo /etc/init.d/jenkins restart
This will remove useSecurity
and authorizationStrategy
lines from your config file.
See also: Disable security at Jenkins website
Solution 10 - Github
We hit this same error when a github organization administrator changed the organization's settings for "Third-party access" to "restrict third-party application access". Reverting to the previous settings within the github organization resolved the problem.
See github oauth-app-access-restrictions for details on how to configure that properly.
Solution 11 - Github
The assignment of roles to users is stored in config.xml
file. Add the ID of the user directly to the role and then restart Jenkins.
In my case, I have a role named editor
and a bunch of users assigned to the role.
<role name="editor" pattern=".*">
<permissions>
<...>
<permission>hudson.model.Item.Create</permission>
<permission>hudson.model.Item.Workspace</permission>
<permission>...</permission>
</permissions>
<assignedSIDs>
<sid>bob</sid>
<sid>alice</sid>
<sid>**newuser**</sid>
</assignedSIDs>
</role>
Solution 12 - Github
The matrix security is not terribly clear. I am a member of a specific group in our org that has admin privileges however I am also an authenticated user. I would think that the one group super-cedes the other however I have to have both in order to actually log into the system and be admin. It's screwed up IMO.
Solution 13 - Github
- Go to $JENKINS_HOME (linux, jenkins in windows), and find config.xml file.
- Open this file in the editor. (take backup of .jenkins home)
- Look for the
<useSecurity>true</useSecurity>
element in this file. - Replace "true" with "false"
- Remove the elements
authorizationStrategy
andsecurityRealm
- Start Jenkins
Solution 14 - Github
Solution 15 - Github
I had the same problem before, your OAuth application need your organization owner's approve, then the OAuth Plugin can access the private data in it
Solution 16 - Github
I am using Crowd 2 plugin and I have the same problem. I fixed it by downgrading OWASP Markup Formatter Plugin from varsion 1.2 to version 1.1 and then changing Markup Formatter in Configure Global Security value to Raw HTML, before it was Plain text.
Solution 17 - Github
I had exactly the same problem and adding the plugin Role Strategy Plugin fixed the problem.
All I had to do was install the plugin, create two groups - admin / developer and then add users to the groups.
A much much better solution than recreating the whole permissions matrix :)
Solution 18 - Github
I had a similar problem I was not able access Jenkin account and the system was locked. I had only an error message. "Access Denied "
When I tried to reinstall Jenkins then it prompted to Repair option. By clicking Repair option it fixed the problem.
Solution 19 - Github
I found it in
C:\ProgramData\Jenkins\.jenkins
Jenkins Version: 2.319.2
Solution 20 - Github
Just use Jenkins > Configure Global Security bottom page matrix to provide permissions to the user (start w/ read)
Solution 21 - Github
I edited the /var/lib/jenkins/config.xml file and replaced the
<authorizationStrategy>...</authorizationStrategy>
with
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
It is the default settings after installation. Then restart the jenkins service.