Bamboo permissions are not correctly added when a task is created via Mibex Plan DSL plugin task

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

An "Access Denied" error is thrown when editing a Bamboo Deployment environment if the Deployment project has a Mibex Plan DSL plugin task that creates permissions. Even though the script grants EDIT permission on the Deployment environment, the environment is not created with all the permissions needed to edit its configuration. This is why you see the edit (pen) button but get "Access Denied" when you open the environment. It is also why removing and re-adding the group permission fixes the problem: that change goes through Bamboo's native edit environment pages, which add the permissions correctly.

Environment

Found with Bamboo 8.0.4 and Mibex Plan DSL plugin 1.10.2.

Diagnosis

You will get an "Access Denied" error when you visit the Bamboo Deployment environment edit page even though you have edit permission.

Cause

Editing a deployment environment in Bamboo requires both the VIEW_CONFIGURATION and WRITE permissions in the backend. When a Deployment Environment is created via the plugin, only the WRITE permission is added to the backend database; the VIEW_CONFIGURATION permission is missing.

Solution

Option 1: Remove and re-add the environment permission

  1. Go to the impacted deployment environment as an admin user

  2. Remove the existing permissions and groups

  3. Re-add the group and permissions 

Option 2: Update the permission using Bamboo API

You can use the Bamboo REST API to add the correct permissions to the environment.

  1. Find the environment_id of the Deployment Environment that is not working. It can be found in the view environment URL.

     For example, in the URL http://mybamboo.com:8085/bamboo/deploy/viewEnvironment.action?id=3276814, 3276814 is the environment_id.

  2. Call the REST API as an admin, replacing <ADMIN_USER>, <PASSWORD>, <BAMBOO_URL>, <ENVIRONMENT_ID> and <GROUP_NAME>:

    curl -X PUT -H 'Content-Type: application/json' -u <ADMIN_USER>:<PASSWORD> '<BAMBOO_URL>/rest/api/latest/permissions/environment/<ENVIRONMENT_ID>/groups/<GROUP_NAME>' -d '["READ","WRITE"]'
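The two steps of Option 2 as a small shell helper, added here as an example and not part of the original article, Bamboo or the plugin: it extracts the id from a viewEnvironment.action URL, sends the permission list as a JSON array, and lets curl prompt for the password instead of taking it on the command line. BAMBOO_URL and BAMBOO_ADMIN are assumed environment variables, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Atlassian's script. BAMBOO_URL and BAMBOO_ADMIN are
# assumed environment variables; the function names are hypothetical.

# Step 1: pull the numeric id out of a viewEnvironment.action URL.
env_id_from_url() {
    id=$(printf '%s\n' "$1" |
        sed -n 's/^.*[?&]id=\([0-9][0-9]*\)\(&.*\)\{0,1\}$/\1/p')
    [ -n "$id" ] || { echo "no numeric id= parameter in: $1" >&2; return 1; }
    printf '%s\n' "$id"
}

# Step 2 request body: JSON array of permission names.
perm_body() {
    body=
    for p in "$@"; do
        case $p in
            ''|*[!A-Z_]*) echo "bad permission name: $p" >&2; return 1 ;;
        esac
        body="${body:+$body,}\"$p\""
    done
    [ -n "$body" ] || { echo "no permissions given" >&2; return 1; }
    printf '[%s]\n' "$body"
}

# usage: fix_env_perms <view-environment-url> <group> [permission...]
# With -u given only a user name, curl prompts for the password, which keeps
# it out of shell history and the process list.
fix_env_perms() {
    [ "$#" -ge 2 ] || { echo "usage: fix_env_perms URL GROUP [PERM...]" >&2; return 1; }
    env_id=$(env_id_from_url "$1") || return 1
    group=$2
    shift 2
    [ "$#" -gt 0 ] || set -- READ WRITE
    json=$(perm_body "$@") || return 1
    case $group in
        ''|*[!A-Za-z0-9._-]*)
            echo "URL-encode this group name first: $group" >&2; return 1 ;;
    esac
    curl --fail -sS -X PUT -H 'Content-Type: application/json' \
        -u "${BAMBOO_ADMIN:?set BAMBOO_ADMIN}" -d "$json" \
        "${BAMBOO_URL:?set BAMBOO_URL}/rest/api/latest/permissions/environment/$env_id/groups/$group"
}

# Run directly: sh fix-env-perms.sh <url> <group> [permission...]
if [ "$#" -ge 2 ]; then fix_env_perms "$@"; fi
```

When no permission names are passed, the helper sends READ and WRITE, the same pair used in the curl call above.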

Updated on March 18, 2025
