Scheduler Job did not have enough permission to write to the svn

I have a job script that is executed every 5 minutes by the scheduler. This script search for specific Workitems and change them. The script is working well if I execute it manually because then I am the “current User” and have enough permissions to write in the svn. BUT if the scheduler execute it the current user is: “polarion” and he did not have write acces to the svn which is a bit strange but ok. The error is:

    Caused by: com.polarion.platform.service.repository.driver.DriverException: Sorry, you do not have access to the Subversion Repository. Please contact your Polarion or Subversion administrator if you need access.
    at com.polarion.platform.repository.driver.svn.internal.JavaSvnDriver.handleSVNException(JavaSvnDriver.java:1732)
    at com.polarion.platform.repository.driver.svn.internal.JavaSvnDriver.endActivityImpl(JavaSvnDriver.java:1564)
    at com.polarion.platform.repository.driver.svn.internal.JavaSvnDriver.endActivity(JavaSvnDriver.java:1496)
    at com.polarion.platform.internal.service.repository.Connection.commit(Connection.java:736)
    ... 42 more
    Caused by: org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: CHECKOUT of '/repo/!svn/ver/54/Sandbox/7023/.polarion/tracker/workitems/100-199/7023-193/workitem.xml': 403 Forbidden (http://localhost)
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:68)

I can´t find the user “polarion” in the user Management so I could not give him more rights. Is it possible to execute the write access from a other user or something similar?

Answer

the user “polarion” is used internally for reading information from Polarion’s SVN Repository. It usually not writing (“committing”) into the repository as this is usually done under the useraccount of the logged-in user. There are two solutions to your problem:

1. The quick and easy fix: modify the svn access file, so that polarion user has write access to the repository. This is quite easy doable from Polarion itself with the build-in access editor under administration->user management->access management. This is potentially unsafe as the password of the polarion user is in cleartext in a config file on the server so anybody with access to the server can modify the SVN-Repository.

2. use the ISecurityService.doAsUser(..) function to perform your action as a different user. Usually you can put the credentials into the Polarion Vault to retrieve them without exposing usernames and passwords. Here is an example:

    subject = securityService.loginUserFromVault(vaultKey, vaultKey);
    retVal = securityService.doAsUser(subject, new PrivilegedAction<Object>() {
      public Object run() {
        Object ret = null;
        try {
          ret = doAction();
          return ret;
        }
      }
    });
   

Needless to say the second method is the safer way to work, but it is more work as well 🙂