问题
When opening my Jenkins in the URL I cant seem to log in it throws out the message "User is missing the Overall/Read permission". I have tried the answer from a similar question but disabling the security does not work. Jenkins continue's to throw out the error. Somebody recommended that I remove the file all together but also failed. Any other solution anybody could supply me with?
Posts I have visited already include: Jenkins Wiki
回答1:
Edit the /var/lib/jenkins/config.xml file and add you as an Admin as follows:
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
.
.
<permission>hudson.model.Hudson.Administer:***Here is your username***</permission>
.
.
</authorizationStrategy>
Don't forget to go to restart the Server. Hope this helps!
回答2:
I discovered one additional scenario where this might occur:
I had a user that was defined with an all lowercase username (e.g. "john.doe"), but when this user was assigned a role their username was entered with different casing (e.g. "John.Doe"). In this case, the user was able to login, but the role was not associated correctly and therefore the overall/read permission was not granted.
To fix this, I simply deleted the bad record for the role assignment and recreated it with proper casing.
回答3:
Disabling Security One may accidentally set up security realm / authorization in such a way that you may no longer able to reconfigure Jenkins. When this happens, you can fix this by the following steps: Stop Jenkins (the easiest way to do this is to stopthe servlet container.) Go to $JENKINS_HOME in the file system and find config.xml file. Open this file in the editor. Look for the <useSecurity>true</useSecurity> element in this file. Replace true with false Remove the elements authorizationStrategy and securityRealm Start Jenkins When Jenkins comes back, it will be in an unsecured mode where everyone gets full access to the system. If this is still not working, trying renaming or deleting config.xml.
above was quoted from https://jenkins.io/doc/book/system-administration/security/
So Once we come back to jenkins in unsecured mode we need to delete the users and add a new user .
回答4:
In Windows: When I've enabled the LDAP under Global security, I lost my admin right too. with error as "Access Denied is missing the Overall/Read permission jenkins windows".
In such case, Please retain the existing instance, have a new jenkins install on someother machine or VM. Copy the config.xml from Jenkins_Home and replace it with config.xml from your Jenkin_Home directory. While performing this, ensure Jenkins service is stopped. once replaced, Start the instance and VOILA.
回答5:
Restart your jenkins server using below command,
service jenkins restart
It works for me.
回答6:
[Project-based Matrix Authorization Strategy related]
Hello there, the same error happened to me when I unchecked the global/read permission for anonymous.
If you are using the project based matrix ahtorization plugin, for an unclear reason, this read permission seems to be required by the plugin.
回答7:
In my case (Jenkins v 2.205) I edited JENKINS_HOME in jenkins.xml in windows, to move the workspace due to a bug from angular / webpack in a project. What I didn't realize is that you must move a whole host of files and folders, not just workspace and jobs subfolders. Here's a list of what I ended up moving to the new location (with Jenkins stopped, of course):
- [folder] fingerprints
- [folder] jobs
- [folder] logs
- [folder] nodes
- [folder] plugins
- [folder] secrets
- [folder] tools
- [folder] updates
- [folder] userContent
- [folder] users
- [folder] workflow-libs
- [folder] workspace
- [file] .lastStarted
- [file] config.xml
- [file] credentials.xml
- [file] **plugin-configuration.xml (any file that is configuring one of your plugins)
- [file] hudson.*.xml (all hudson files)
- [file] identity.key.enc
- [file] jenkins.* (all Jenkins files)
- [file] locale.xml
- [file] nodeMonitors.xml
- [file] org.*.xml (all org config files)
- [file] queue.xml
- [file] scriptApproval.xml
- [file] secret.key
- [file] secret.key.not-so-secret
I'm not entirely sure if ALL of them were required, but I'm pretty sure all the hudson, jenkins and users/secrets/credentials are needed
回答8:
I was also having the same issue. Adding fresh roles from Manage and assign Roles section and assigning them to the users worked for me.
来源:https://stackoverflow.com/questions/36838867/jenkins-overall-read-permission