Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-21707

Project access check doesn't work for groups


    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • 8.2.1, 8.1.5
    • 8.2.0, 8.1.4
    • Permissions
    • None

      Issue Summary

      Non admin users are unable to access projects if view permission is granted to group.

      Plan permissions are no longer working .

      Initially the issue was reported as, after upgrading Bamboo to 8.1.4 the plan permission of non admin users was messed up. However the same permission issue is seen on a clean install of Bamboo 8.1.4 as well.

      It is happening for both Active Directory and internal user directory as well.

      Users in particular group are able to access the project, list plans, see the most recent build results, number of tests, but on navigating to plan pages, receive a message stating "Access denied".

      Steps to Reproduce

      1. Spin up a Bamboo 8.1.4 instance
      2. Login as an admin
      3. Create a sample project and a plan inside it.
      4. Add users via Active directory or create a user via GUI.
      5. Add the user to the group.
      6. Provide “Access” permission to the group and user.
      7. Navigate to project permissions and grant the group “view” permission.
      8. Navigate to the plan permissions , via Actions->Configure plan->Permissions . Provide the group view access.
      9. Log out as admin
      10. Login as the user created via step 4.
      11. User can access the project, list plans, see the most recent build results, number of tests.
      12. Click on the plan

      Note :- Even if we provide admin rights to the group in project and plan permissions , still the plan is not accessible.

      Expected Results

      Plan details should appear

      Actual Results

      Users are receiving an error message stating "Access denied".

      At this moment, the following log entry appears in atlassian-bamboo.log:

      atlassian-bamboo.log:2022-04-07 14:39:12,659 WARN [https-openssl-nio-443-exec-17] [AuthorizationLoggerListener] Authorization failed: org.acegisecurity.AccessDeniedException: Access is denied; authenticated principal: org.acegisecurity.adapters.PrincipalAcegiUserToken@1038be50: Username: EmbeddedCrowdUser{name='security.viewer', displayName='Security Viewer', directoryId=65537}; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER; secure object: ReflectiveMethodInvocation: public abstract boolean com.atlassian.bamboo.plan.PlanManager.assertPlanPermission(com.atlassian.bamboo.plan.PlanIdentifier); target is of class [com.atlassian.bamboo.plan.PlanManagerImpl]; configuration attributes: [ACL_BUILD_READ]

      Workaround 1

      This workaround involves giving elevated access to affected users/groups which gives the highest level of access to the Bamboo instance. It will likely not be suitable for the majority of environments. Please evaluate it carefully within the context of security restrictions that are required for your instance.

      • Grant the users or groups global admin access to Bamboo.

      Workaround 2

      • Download the patch file atlassian-bamboo-web-8.1.4-BAM-21707.jar
      • Move  the file on <BAMBOO_INSTALL_DIR>/atlassian-bamboo/WEB-INF/lib/atlassian-bamboo-web-8.1.4.jar outside the location of the lib folder
      • Copy  the downloaded atlassian-bamboo-web-8.1.4-BAM-21707.jar to <BAMBOO_INSTALL_DIR>/atlassian-bamboo/WEB-INF/lib/
      • Restart Bamboo 

        1. atlassian-bamboo-web-8.1.4-BAM-21707.jar
          2.29 MB
        2. accessdenied.png
          64 kB
        3. 3-1.PNG
          88 kB
        4. 3 (1).PNG
          3 (1).PNG
          25 kB
        5. 3.png
          136 kB
        6. 2-1.PNG
          74 kB
        7. 2.png
          106 kB
        8. 1-1.PNG
          63 kB
        9. 1.png
          92 kB

            mgardias Marcin Gardias
            f84a05b06223 Anik Sengupta
            0 Vote for this issue
            10 Start watching this issue