This article helps you troubleshoot NextGen permissions issues.
Managing permissions granularly is often challenging, mainly when we apply the principle of least privilege; the principle means giving a user only those privileges which are essential to perform its intended function.
It is very common to encounter unexpected exceptions when we start from this principle on Harness or other platforms.
For example: The user in theory, has permission to run the pipeline but for some reason is getting an error message.
Missing permission core_template_access on template with identifier <MY_IDENTIFIER>
User not Authorized: FOR SECRET with identifier <MY_IDENTIFIER>, these permissions are not there: [core_secret_access]
User not Authorized: FOR CONNECTOR with identifier <MY_IDENTIFIER>, these permissions are not there: [core_connector_access]
Resources such as connectors, templates, secrets, and others are considered shared resources; they are usually reused at various levels of hierarchy, such as Account, Organization, and Project, which generally confuses many people.
For example, the user has permission to access templates/connectors at a project level, but the resource that the user needs is located at an account level. Therefore, the user does not have permission to access this resource.
The solution, in this case, would be to assign a role to the user with account-level permissions.
Note: The image above has fewer features than your screen, just to focus on the example.
Refer to: Harness Role-Based Access Control Quickstart - Harness.io Docs
Also, make sure your role has the desired scope. You need to use a broader scope to reflect a role for projects and organizations, such as All Resources Including Child Scopes. This is configured when assigning the role to the user or a user group. Take a look at this article for more information regarding scopes: Add and Manage Resource Groups - Harness.io Docs
This article covers in a fundamental way, how to solve the most common errors related to permissions issues. If you have any suggestions on how to improve this article, or helpful and specific examples of permissions related issues that may be of use to others, please leave a comment with the information as this document is intended to evolve over time.
If this article cannot resolve your issue, don’t hesitate to contact us here: firstname.lastname@example.org – or through the Zendesk portal in Harness SaaS.