WebService - Insufficient privileges.

pons...@gmail.com

unread,

Mar 20, 2017, 7:41:13 AM3/20/17

to SonarQube

Hi

When I try to get the list of projects using web service API, i got the error "Insufficient privileges".

How to add the privilages to access this API.

I have used "basic Auth" authentication with "Admin" access.

http://localhost:9000/api/permissions/users?permission=admin&projectId=03c671c1-209a-4f50-8610-1a51425b3562

API Response:

{

"errors": [

{

"msg": "Insufficient privileges"

}

]

}

G. Ann Campbell

unread,

Mar 20, 2017, 8:20:39 AM3/20/17

to SonarQube, pons...@gmail.com

Hi,

Since it looks like you're using a browser, the easiest thing to do is to log in to the UI first. But if you don't have access to these things through the UI, you're not going to be able to get them using web services.

Ann

pons...@gmail.com

unread,

Mar 21, 2017, 12:53:07 AM3/21/17

to SonarQube, pons...@gmail.com

hi Ann,

Im able to login to Server (http://localhost:9000) using admin/admin login credentials.

But Im not able to access the web service using this credentials.

Is there any more privileges is required to access the web service?

G. Ann Campbell

unread,

Mar 21, 2017, 3:56:58 AM3/21/17

to pons...@gmail.com, SonarQube

Hi,

That ought to work. How about some details on exactly how you're making the call?

Ann

---

G. Ann CAMPBELL | SonarSource

Product Manager

http://sonarsource.com

--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/OMfFm1D8ILY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/94435b2f-a048-4645-8380-7e1f52fdcff4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

pons...@gmail.com

unread,

Mar 23, 2017, 12:36:12 AM3/23/17

to SonarQube, pons...@gmail.com

Hi Ann

I am using the browser app "Postman" Rest Client to invoke the web service.

From this REST client below URL is failing with "Insufficient Privileges" response.

URL - http://localhost:9000/api/permissions/users?permission=codeviewer&projectId=03c671c1-209a-4f50-8610-1a51425b3562

HTTP GET

Basic Authorization: admin/admin

API Response:

{
  "errors": [
    {
      "msg": "Insufficient privileges"
    }
  ]
}

But using same Postman REST Client, Im able to get response for below API:

GET URL - http://localhost:9000/api/projects/index?format=json

Basic Authorization - admin/admin

API Response:



[
  {
    "id": "481",
    "k": "com.sample.internal.test.55555.bhuvanasecondproj.java",
    "nm": "BhuvanaSecondProj",
    "sc": "PRJ",
    "qu": "TRK"
  },
  {
    "id": "254",
    "k": "com.sample.internal.55555.bhuvanatestid.java",
    "nm": "BhuvanaTestID",
    "sc": "PRJ",
    "qu": "TRK"
  }
]

Can you let me know what could be the cause for "Insufficient Privileges" response for first API call?

Thanks

To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.

G. Ann Campbell

unread,

Mar 23, 2017, 3:34:39 AM3/23/17

to Suresh P, SonarQube

Hi,

What version of SonarQube are you using. I don't see an /api/permissions/users service: https://sonarqube.com/web_api/api/permissions

Ann

---

G. Ann CAMPBELL | SonarSource

Product Manager

http://sonarsource.com

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/ede09aca-de1e-4ea0-8e69-5a035a530b9a%40googlegroups.com.

pons...@gmail.com

unread,

Mar 23, 2017, 3:45:24 AM3/23/17

to SonarQube, pons...@gmail.com

Hi Ann,

Im Using SonarQube v5.6.3.

Is there any webservice API available to get the list of Users for a specific project based on a role (admin, codeviewer, etc)?

G. Ann Campbell

unread,

Mar 23, 2017, 3:51:32 AM3/23/17

to Suresh P, SonarQube

Hi

search_project_permissions is probably what you want.

Ann

---

G. Ann CAMPBELL | SonarSource

Product Manager

http://sonarsource.com

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/02a06432-c44b-4211-8884-77a943398e09%40googlegroups.com.

pons...@gmail.com

unread,

Mar 23, 2017, 8:28:53 AM3/23/17

to SonarQube, pons...@gmail.com

Thanks Ann.

I tried to invoke the URL http://localhost:9000/api/permissions/search_project_permissions using POSTMAN Rest Client from Browser and got "unauthorized error".

Tried with Basic Authentication of admin/admin.

{
  "err_code": 401,
  "err_msg": "Unauthorized"
}

Is there any authorization required to access this web service?

Thanks

G. Ann Campbell

unread,

Mar 23, 2017, 9:01:25 AM3/23/17

to Suresh P, SonarQube

What did the docs say about that?

---

G. Ann CAMPBELL | SonarSource

Product Manager

http://sonarsource.com

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/60e3d5f8-c691-483f-85c5-c39af875f0ce%40googlegroups.com.

pons...@gmail.com

unread,

Mar 24, 2017, 2:40:14 AM3/24/17

to SonarQube, pons...@gmail.com

Hi Ann,

Im able o access the API url http://localhost:9000/api/permissions/search_project_permissions now.

But in the response, it gives only the total number of users (ie., usersCount) for each permission.

But I need to get list of UserIds for each permission?

Is there any other API to return this information?

Also what is the functionality of another API - http://localhost:9000/api/permissions/users?permission=admin ?

API Response of search_project_permissions:

 {"projects": [{
 "id": "ec17c42a-0e33-4f71-98ec-08b586493298",
 "key": "com.internal.sample.abc.59911.sea.java",
 "qualifier": "TRK",
 "name": "dummy",
 "permissions": [{
 "key": "admin",
 "usersCount": 2,
 "groupsCount": 0
 }, {
 "key": "codeviewer",
 "usersCount": 2,
 "groupsCount": 0
 }, {
 "key": "issueadmin",
 "usersCount": 2,
 "groupsCount": 0
 }, {
 "key": "scan",
 "usersCount": 2,
 "groupsCount": 0
 }, {
 "key": "user",
 "usersCount": 2,
 "groupsCount": 0
 }]
 }]
 }

G. Ann Campbell

unread,

Mar 24, 2017, 3:07:24 AM3/24/17

to Suresh P, SonarQube

Hi,

It looks like I did misunderstand the sample response for that service and the answer you've gotten on this topic in your other thread is the right one.

Ann

---

G. Ann CAMPBELL | SonarSource

Product Manager

http://sonarsource.com

To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/8e6714d4-c0c2-4f0a-8afe-4c798d2c36d0%40googlegroups.com.

pons...@gmail.com

unread,

Mar 24, 2017, 4:48:37 AM3/24/17

to SonarQube, pons...@gmail.com

HI Ann,

In the other thread, Julien has mentioned that there is no Public API available for this functionality.

But the URL http://localhost:9000/api/permissions/users?permission=admin&projectId=b0d38cc3-9bd7-466b-9f12-a12a43095910, gives the list of users for a specific project id and Permission. Is this a Public API?

Sample API Response:

{
  "paging": {
    "pageIndex": 1,
    "pageSize": 100,
    "total": 2
  },
  "users": [
    {
      "login": "admin",
      "name": "Administrator",
      "email": "",
      "selected": true
    },
    {
      "login": "3168837",
      "name": "James",
      "email": "ja...@abc.com",
      "selected": true
    }
  ]
}