9

ERROR: You authenticated successfully to https:<chef_server_url> as <user> but you are not authorized for this action Response: missing create permission

I'm running a pretty basic bootstrap command for a Windows AWS instance:

knife bootstrap windows winrm ....

Currently running the Chef server on-site and not hosted at this time. I also get the same error using knife to attempt to create a new group. I SSH'd into the Chef server and verified my user is listed when I run

sudo chef-server-ctl list-server-admins

so it appears I have been granted server-admins permissions. I also see the same errors when trying to view and create things via the web UI. I've been going in circles almost all day trying to resolve this with no luck.

TechDawg270

3 Answers

7

Well, this turned out to be pretty simple after all. From the terminal on the Chef server:

sudo chef-server-ctl org-user-add <org> <user> --admin

Docs - https://docs.chef.io/server_users.html

I was able to add myself to the admins group and handle other permission-related tasks from there.

TechDawg270
  • I would like to add that, although this command may print the following output, it still succeeds in adding the user to the admin group: `User already associated with organization ` – jayhendren May 08 '18 at 23:44
3

The server-admins group means you have permission to create and modify orgs/users. For operations within a single org (like creating a new client during bootstrap), you need ACLs within that org. Generally you get this by being a member of the admins group in that org, but you can also assign yourself specific permissions manually.

coderanger
  • 1
    ACLs appear to be the answer but I can't find much info out there other than the knife acl GitHub ReadMe. None of the commands I try work due to permissions errors. Any detailed advice on what to run or how I can go about doing this myself? I am in the sudoers group on the chef server. On a side note, I really look forward to the day we move to hosted after this initial POC – TechDawg270 Nov 17 '16 at 20:50
0

I had this problem when my config.rb was misconfigured:

chef_server_url "https://chefserver.domain.com/organizations/org/organizations/"

I corrected this and it started running correctly.

Dicky Moore
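A check for the malformed `chef_server_url` described in the last answer, as an added example that is not part of the original answers. It assumes the usual Chef Infra Server URL shape `https://HOST/organizations/ORG`; the function names and the sample config text are constructed for illustration.

```ruby
require "uri"

# Pull the chef_server_url value out of config.rb / knife.rb text.
# Handles only the plain quoted form: chef_server_url "..." (or '...').
def extract_chef_server_url(config_text)
  config_text.each_line do |line|
    m = line.match(/^\s*chef_server_url\s+["']([^"']+)["']/)
    return m[1] if m
  end
  nil
end

# Return a list of problems with the URL; an empty list means the path has
# the assumed shape https://HOST/organizations/ORG.
def chef_server_url_problems(url)
  return ["chef_server_url is not set"] if url.nil?
  begin
    uri = URI.parse(url)
  rescue URI::InvalidURIError
    return ["not a parseable URL: #{url}"]
  end
  problems = []
  problems << "scheme is #{uri.scheme.inspect}, expected https" unless uri.scheme == "https"
  problems << "missing host" if uri.host.nil? || uri.host.empty?
  segments = uri.path.to_s.split("/").reject(&:empty?)
  count = segments.count("organizations")
  if count.zero?
    problems << "path has no /organizations/ORG component"
  elsif count > 1
    problems << "path repeats 'organizations' #{count} times"
  elsif segments.length != 2 || segments[0] != "organizations"
    problems << "path should be exactly /organizations/ORG, got #{uri.path}"
  end
  problems
end

# Constructed sample configs; node name, host and org are placeholders.
BAD_CONFIG = <<~RB
  node_name "someuser"
  chef_server_url "https://chefserver.domain.com/organizations/org/organizations/"
RB
GOOD_CONFIG = <<~RB
  node_name "someuser"
  chef_server_url "https://chefserver.domain.com/organizations/org"
RB

[BAD_CONFIG, GOOD_CONFIG].each do |cfg|
  puts chef_server_url_problems(extract_chef_server_url(cfg)).inspect
end
```

Running this against a workstation's config before debugging group membership separates a wrong request path from a genuine ACL gap inside the org.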