Summary
This article describes how to fix an issue with the ACL of the EC-Admin property when running EC-Admin plugin procedures.
Problem
When running EC-Admin procedures you may get the following error:
Job error [AccessDenied]: none of the principals in this authentication context ('project: EC-Admin-2.27.3.475', 'project: EC-Admin-2.27.3.475') have all the required privileges (read privilege on property 'EC-Admin', modify privilege on property 'EC-Admin') to perform the operation
Solution
EC-Admin property is a server level property so there is no direct way to access ACL definitions of it.
To modify it you have to complete the following steps:
-
Login with admin permissions to ectool - ectool login <user> <passwd>
-
Run the following command - ectool getProperty /server/propertySheet/“EC-Admin”
and you will get a similar output:
<property>
<propertyId>de16fb33-4716-11e7-be59-2e9a20524153</propertyId>
<propertyName>EC-Admin</propertyName>
<createTime>2017-06-01T22:08:39.884Z</createTime>
<lastModifiedBy>admin</lastModifiedBy>
<modifyTime>2017-06-01T22:08:39.884Z</modifyTime>
<owner>admin</owner>
<tracked>1</tracked>
<propertySheetId>de16fb34-4716-11e7-be59-2e9a20524153</propertySheetId>
</property>
-
Identify the UUID of the property which is inside <propertyId> tag - <propertyId>de16fb33-4716-11e7-be59-2e9a20524153</propertyId>
-
Insert the UUID for the propertySheet and your commanderServerName in the following URL:
https://\<commanderServerName>/commander/link/updatePropertySection/propertySheets/<UUID>?propertyName=EC-Admin&s=Administration&ss=Server
After you will be able to get to Access Control page for this property
You should add the EC-Admin project to this ACL:
After completing all descibed steps you should not run into “AccessDenied” error for accessing EC-Admin property.
Please contact support@cloudbees.com if you have questions.
0 Comments