The following stack trace, or a similar one, appears in the build console log after running a backup job.
```
Started by user ajones
Building in workspace /Users/fbelzunc/cloudbees/plugins/infradna-backup-plugin/work/jobs/backup-job/workspace
This job was last saved by a user without the right level of permission. Please, configure the backup job with an user with the right permission.
ERROR: Build step failed with exception
hudson.security.AccessDeniedException2: ajones is missing the Overall/RunScripts permission
    at hudson.security.ACL.checkPermission(ACL.java:63)
    at hudson.model.Node.checkPermission(Node.java:441)
    at com.infradna.hudson.plugins.backup.store.LocalFileStore.create(LocalFileStore.java:59)
    at com.infradna.hudson.plugins.backup.BackupBuilder.doPerform(BackupBuilder.java:156)
    at com.infradna.hudson.plugins.backup.BackupBuilder.perform(BackupBuilder.java:143)
    at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
    at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:785)
    at hudson.model.Build$BuildExecution.build(Build.java:205)
    at hudson.model.Build$BuildExecution.doRun(Build.java:162)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:537)
    at hudson.model.Run.execute(Run.java:1741)
    at hudson.model.Build.run(Build.java:113)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:408)
Build step 'Take backup' marked build as failure
Finished: FAILURE
```
- CloudBees Jenkins Enterprise (CJE)
- CloudBees Jenkins Operation Center (CJOC)
- CloudBees Backup Plugin
- Any of the Matrix-based Authorization strategies including: Matrix-based security, Project-based Matrix Authorization or Role-based matrix authorization (CloudBees RBAC plugin)
This is usually the result of either a permission or an authentication issue.
Backup jobs need to be saved by a user who currently has the Overall/RunScripts permission. If this job was saved by a user with this permission and you are now getting this stack trace, this user probably now lacks the
Save this backup job with a user who has the Overall/RunScripts permission. To achieve this:
1) Log in to the instance with a user with
2) Go to this backup job > Configure > Save it. Optionally, you can edit the current configuration as you wish.
3) Run this backup job. It should work.
The issue might also happen when the user who saved the job is mapped to an external group on the Security Realm and that group is not correctly configured. To work around the issue, map the user to the corresponding Jenkins group instead of using an external group.
If you are sure that the backup job was saved by a user with the right permission, then the Security Realm might not be correctly configured. Even if whoAmI reports that this user is a member of the groups, the authentication plugin you are using might not be reporting the groups correctly: for example, the LDAP plugin is configured with Group membership attribute = memberOf, but this configuration is wrong.
A logger for com.infradna.hudson.plugins.backup can be created to check the GrantedAuthorities for the user who is trying to build the backup job.
User ajones was found on the BackupBuilder descriptor. Authentication details are: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@c1671d8b: Username: ajones; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_INSERTIONORDER, ROLE_SALES, authenticated, china_adsense, insertionorder, ROLE_ADVERTISING, advertising, adops, ROLE_BRODATE, brodate, ROLE_SFOFFICE, ROLE_EVERYONE, sales, ROLE_ADOPS, everyone, ROLE_CHINA_ADSENSE, sfoffice
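
To compare that logger line with the authorization matrix, the following added example (not part of the original article or of the CloudBees Backup Plugin) parses the line and checks the reported authorities against the groups that hold Overall/RunScripts. The group names passed as `holders` are hypothetical, and the sample line is constructed from the one above with a shortened authority list.

```python
import re

# Constructed sample, shaped like the logger line in the article (authorities shortened).
SAMPLE = (
    "User ajones was found on the BackupBuilder descriptor. Authentication details are: "
    "org.acegisecurity.providers.UsernamePasswordAuthenticationToken@c1671d8b: "
    "Username: ajones; Password: [PROTECTED]; Authenticated: true; Details: null; "
    "Granted Authorities: ROLE_SALES, authenticated, sales, ROLE_ADOPS, adops, everyone"
)
FIELD = re.compile(r"(Username|Authenticated|Granted Authorities): ([^;]*)")


def parse_auth_line(line):
    """Extract user, authenticated flag and the set of granted authorities."""
    fields = dict(FIELD.findall(line))
    if "Username" not in fields:
        raise ValueError("not a BackupBuilder authentication line")
    # A line without the field is treated as "no authorities reported".
    raw = fields.get("Granted Authorities", "")
    return {
        "user": fields["Username"].strip(),
        "authenticated": fields.get("Authenticated", "").strip() == "true",
        "authorities": {a.strip() for a in raw.split(",") if a.strip()},
    }


def normalise(name):
    """Fold case and the ROLE_ prefix, the two variants visible in the log."""
    return re.sub(r"^role_", "", name.lower())


def diagnose(line, holders):
    """holders: groups granted Overall/RunScripts in the matrix (hypothetical here)."""
    info = parse_auth_line(line)
    exact = sorted(info["authorities"] & set(holders))
    folded = {normalise(a) for a in info["authorities"]}
    near = sorted(h for h in holders if h not in exact and normalise(h) in folded)
    if not info["authenticated"]:
        verdict = "authentication issue"
    elif exact:
        verdict = "a reported group holds the permission"
    elif near:
        verdict = "near match only: check case or ROLE_ prefix of the matrix entry"
    else:
        verdict = "realm reports no group that holds the permission"
    return {"user": info["user"], "exact": exact, "near": near, "verdict": verdict}


if __name__ == "__main__":
    print(diagnose(SAMPLE, ["backup-admins", "AdOps"]))
```

A result with no exact and no near match points at the Security Realm configuration (such as the group membership attribute) rather than at the matrix.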