KBEC-00419 - Accessing EC-Admin ACL properties

Summary

This article describes how to fix an issue with the ACL of the EC-Admin property when running EC-Admin plugin procedures.

Problem

When running EC-Admin procedures you may get the following error:

Job error [AccessDenied]: none of the principals in this authentication context ('project: EC-Admin-2.27.3.475', 'project: EC-Admin-2.27.3.475') have all the required privileges (read privilege on property 'EC-Admin', modify privilege on property 'EC-Admin') to perform the operation

Solution

EC-Admin property is a server level property so there is no direct way to access ACL definitions of it.

To modify it you have to complete the following steps:

  1. Login with admin permissions to ectool - ectool login <user> <passwd>

  2. Run the following command - ectool getProperty /server/propertySheet/“EC-Admin”

and you will get a similar output:

<property>
      <propertyId>de16fb33-4716-11e7-be59-2e9a20524153</propertyId>
      <propertyName>EC-Admin</propertyName>
      <createTime>2017-06-01T22:08:39.884Z</createTime>
      <lastModifiedBy>admin</lastModifiedBy>
      <modifyTime>2017-06-01T22:08:39.884Z</modifyTime>
      <owner>admin</owner>
      <tracked>1</tracked>
      <propertySheetId>de16fb34-4716-11e7-be59-2e9a20524153</propertySheetId>
</property>
  1. Identify the UUID of the property which is inside <propertyId> tag - <propertyId>de16fb33-4716-11e7-be59-2e9a20524153</propertyId>

  2. Insert the UUID for the propertySheet and your commanderServerName in the following URL:

https://\<commanderServerName>commander/link/accessControl/propertySheets/<UUID>?objectType=propertySheet

After you will be able to get to Access Control page for this property

Note: Workaround for older versions of the product where the solution does not work

In this case, you might need to change the URL proposed in the previous section (step 4) and use:

https://\<commanderServerName>/commander/link/updatePropertySection/propertySheets/<UUID>?propertyName=EC-Admin&s=Administration&ss=Server

You should add the EC-Admin project to this ACL:

After completing all descibed steps you should not run into “AccessDenied” error for accessing EC-Admin property.

Please contact support@cloudbees.com if you have questions.

Have more questions?

0 Comments

Please sign in to leave a comment.