I log into hudson as an admin but the left hand column remain the same as a normal non-admin user. I have tried -
Delete the account and create new one with all the admin rights.
delete all cookies
Tried on different browsers
Type in the link for the configuration page, which throw a "missing the ExtendedRead permission" error.
None of the above work, anyone have any suggestion on the issue?
Just to put together what I now so far. Please fill the baps if there are any.
You use the Extended Read Permission Plugin
Configured a user in Hudson. Do you use "Hudson's own user database" than or something else?
The plugin description says it adds a column to the "Matrix-based security" or "Project-based Matrix Authorization Strategy" authorization stream. Do you use one of these two?
Now I am getting confused about what you are missing for an Admin. I use the "Project-based Matrix Authorization Strategy". When I am configured only with the global administration permission. I have full control over Hudson and all jobs running on Hudson.
To be able to help you, please describe you setup as it pertains to the authorization settings in detail. Do you have other plugins installed that might interfere here?
Related
When I log in with an account which does not belong to the expected domain, this message is shown (which is correct).
I think this message is kind of ugly and not understandable for a non-developer person. Is there a way to modify this message in the Google Cloud Console or inside the OAuth code? I would like to display for example:
The email you used does not belong to the happy.com domain.
I fount this Feature Request In the Public Issue Tracker, and there they suggest to follow the steps of Customize the rejected-app message. Basically it mentions:
Your current account, user#domain.com, doesn't have permission to do these steps. To continue, switch to an administrator account. This will open the Google Admin console.
Switch to administrator account now or Learn more
From the Admin console Home page, go to "" and then Security and then API controls.
Under App access control, go to the Settings section.
Type your custom text in the box under the following message: Show this message if a user tries to use an app that can’t access restricted Google services.
Click SAVE.
If this doesn't make it, I would recommend you to comment on that FR in which they mentioned:
I have filed this feature request internally.
You might also want to ‘star’ the FR to ensure that you receive updates about it. You can also adjust notification settings by clicking the gear icon in the top right corner and selecting settings.
Please can you help me, I'm receiving this error when I'm trying to deploy a google cloud function:
HTTP Error: 400, Default service account 'project-name#appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.
The command used to deploy is:
firebase deploy --only functions
A temporary solution is fine, but if you can help me to solve it permanently is better.
Thanks in advance.
In my case, the App Engine default service account was deleted. It looks like this: {project_id}#appspot.gserviceaccount.com
So I had to restore the service account like this:
You can now recover the deleted service accounts from https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/undelete
you have to get the UniqueID of the service account from https://console.cloud.google.com/home/activity
Source: https://stackoverflow.com/a/55277567/888881
The API explorer is an easy way to use the IAM API: https://developers.google.com/apis-explorer/#p/
I was struggling to resolve this issue, then I raised a case with Google.
here is a detailed article of my learnings :
https://medium.com/#ashirazee/http-error-400-default-service-account-appspot-gserviceaccount-com-accd178ea32a
Firstly navigate to Google Cloud Platform and view your service accounts.
try and find <project_id>#appspot.gserviceaccount.com' in your list of service accounts for the firebase project, it is linked to the App Engine.
if '#appspot.gserviceaccount.com' is missing you can not deploy anything(SEE EMAIL WITH GOOGLE BELOW), if it isn't, check and see if it's enabled, try disabling it and enabling it again.
#appspot.gserviceaccount.com is pre-installed by default, regardless of a paid account or not. try and recall if at any time you may have deleted it after or before deployment.
Now if you have for any reason deleted it over a period of more than 30 days than you can not retrieve it, and you must create a new firebase project. However, if it is within 30 days you can undelete it.
EMAIL FROM GOOGLE:
Email #1
"
Hello Ali
I am checking the logs of your project, unfortunately the service account was deleted on Ma, there is no chance to recover it nor recreate it
The only workaround available is to create a new project and deploy the service desired there. I know this could not be the best option for you nevertheless it is the way this works by design.
Do not hesitate to write back if you have more questions.
Cheers,"
Email #2,
"Hello Ali
I am glad to read that you have been able to deploy your functions successfully, unfortunately that service account cannot be recovered after 30 days of being deleted and that is the only solution. If you have other questions, please let us know by contacting us again through our support channel.
Cheers,"
lastly here is a helpful command line that will help you debug this, however, it won't help if there is no service account, it'll just highlight the obvious:
firebase deploy --only functions --debug
this was my error:
"HTTP Error: 400, Default service account '<project_id>#appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Clo
ud Functions API), or specify a different account."
Following the error message, you could enable the API by console accessing this url and enable the api.
Or by gcloud command:
gcloud services --project <project_id> enable cloudfunctions.googleapis.com
As the other stated, sadly, you need to use the default service account.
If within the 30 days period, you can use this tutorial to find and undelete the service acc: Read this guide to get https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting_a_service_account
You have to enter the commands through the Google Cloud Console (one of the buttons will open a terminal on the right of the top blue app bar)
try to select Google Cloud Platform (GCP) resource location in Setting of Firebase. enter image description here
So I just wanted to see a website I created with Wordpress and I got this message :
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
It used to work just fine and I haven't changed a single thing. A pop-up window asks for a username/password and the one I use to access WP configuration does not work. Any idea?? I'm pretty scared I got hacked or something.
Delete the .htaccess file and save permalink again.
If you havent changed anything, probably this is a problem from the host. Send them a ticket or use live chat.
I have had a user with browser role which has been able to make subscriptions but he has not seen CC and BCC fields. Because of that, I added Content Manager role for him to all folders and reports and after that, he cannot make more subscriptions or manage reports in any way. He gets error
"The permissions granted to user 'domain\username' are insufficient for performing this operation". Now he can only see the reports.
Do you have any idea?
Browse to Site Settings, Configure item level role definitions.
Then check what settings you have for Content Manager. Maybe someone removed them.
When I added a role also to the Home folder then it starts working. I don't know why, before this was not needed.
I get 403 access_denied_insufficient_permissions error when trying to access a file present on box enterprise admin account.
We use the "as-user" header to access files of any user on the enterprise. In our case, bob#acme.com is the admin user and he gave access to my box application the permission to access any files. If I try to access files on bob's account using "As-user" or "On-behalf-of: bob#acme.com" header, I get access denied error. If I do not use this header, I am able to access the documents. I don't think this is a valid work around for this issue as we do not know at run-time if a user is admin or a regular user. Have any of you run into this issue?
Box recently made a change in their Oauth token scopes. Every app now carries an additional setting to allow the app to have scope level of managing the enterprise. You need to enable that on your app and then see what happens. It should work, I think.
We faced the same issues a few days back and due the above suggested change worked for us. Here is the announcement from box.
I have this issue as well. What you can do is to ask the Box API to get the current user and compare that userId to the one you are going to be running as. If they differ, add As-user header, otherwise don't.
It does require one extra API call (getCurrentUser), but it works.
It's a little silly, it seems it would be a very easy thing to fix on the box end.