Access Denied - user is missing the Overall/Read permission #322
Comments
Hi @rcaballo, FYI, you can uncheck anonymous; after that you can see I have the same setting for my users. Please make sure that you have checked the disable graph integration option. In the above image you can see I have checked the Administer box for myself, Yadav ravi, and for other users as well. In the above image you can clearly see that Manage Jenkins is missing for the user having Administer access. If you have any fix for that, then please let me know.
Hi, we are facing the same issue in our environment.
Has anyone fixed this bug yet? I'm having the same issue: when I remove the Administrator checkbox from the Authenticated users and I try to log in, I get the following error: "Access Denied - user is missing the Overall/Read permission". There has to be a fix for this issue, or is there an alternative fix?
Hi there, may I know if there is any update on this issue? I tried the latest version and spent many hours, and I have the same error message as on this screen. It is so upsetting that the AAD plugin doesn't work....
Each use-case is specific to how you set it up. It should work just fine if you follow the docs in the README. We have it running with group based authorization just fine.
Hello @timja, I followed every step in the README, and in my situation it is difficult to use group-based authorization, while the README said UPN is allowed.
Hi @timja, thanks for sharing.
Jenkins and plugins versions report
Jenkins: 2.374
OS: Linux - 3.10.0-1160.71.1.el7.x86_64
ace-editor:1.1
active-directory:2.27
ansicolor:1.0.2
ant:481.v7b_09e538fcca
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61
authentication-tokens:1.4
authorize-project:1.4.0
azure-ad:267.v5b_dfb_514d9fd
azure-sdk:118.v43f74dd9ca_dc
What Operating System are you using (both controller, and any agents involved in the problem)?
Linux - CentOS 7
Jenkins latest version
Azure AD plugin latest version.
Reproduction steps
1) Configure Azure AD plugin with:
- Application (client) ID
- Secret Value
- Directory (tenant) ID
2) Configure Azure APP registration/API permissions/Microsoft Graph
Directory.Read.All | Delegated | Read directory data | Yes | Granted
Directory.Read.All | Application | Read directory data | Yes | Granted
Group.Read.All | Delegated | Read all groups | Yes | Granted
Group.Read.All | Application | Read all groups | Yes | Granted
People.Read | Delegated | Read users' relevant people lists | No | Granted
People.Read.All | Application | Read all users' relevant people lists | Yes | Granted
User.Read.All | Delegated | Read all users' full profiles | Yes | Granted
User.Read.All | Application | Read all users' relevant people lists | Yes | Granted
3) Disable graph integration
4) Add "authenticated users" as administrators and save settings on Jenkins.
Now you still have access to Jenkins (full permissions).
5) Change to "Azure Active Directory Matrix-based security"
6) Untick "authenticated users" as administrators
Add my Azure user as administrator (Full permissions).
Expected Results
Just my Azure user can log in to Jenkins as administrator.
Actual Results
Anything else?
Please let me know how I can set this up correctly, or fix the "bug" if needed.
Thanks.