Skip to content

Runner permissions are broken

Running 9.1 (dashboard thingy shows all is up to date). runner is basic shared docker config

First, for some reason CI will trigger jobs even if user do not actually have permissions to do required steps to actually make successful build.

For example, as an admin I can trigger build for a project I do not belong. Runner will run, and fail on cloning the repo with permission error:

remote: Access denied
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@git.xxx.yyy/zzz/eee.git/': The requested URL returned error: 403

even tho, as admin, I can clone repo manually without problems

It should either:

* Run (as I'm admin) with required permissions to actually finish job
* Do not run at all (as I do not belong to the project) and return error/warning

not be in limbo with completely unhelpful messages

Other problem is that Developer permission allows to run job correctly, Owner permissions also works but users with Master permission on project get same 403 error