Failed to request and parse to my project: Response status code does not indicate success: 403

I run snarQube for several projects from azure Devops pipelines. Today, I created a new project in Azure Devops, added the 3 sonarqube steps as the other 2 projects with the same service connection and the right project key for the project I created in sonarqube. For this new 3rd project it fails in the prepare step with the following

17:56:45.122 Fetching analysis configuration settings…
17:56:45.136 17:56:45.136 WARNING: To analyze private projects make sure the scanner user has ‘Browse’ permission.
##[error]17:56:45.136 Failed to request and parse ‘http://myserver:9000/api/settings/values?component=ps-presidents-ci-BYImport’: Response status code does not indicate success: 403 ().
17:56:45.136 Failed to request and parse ‘http://myserver:9000/api/settings/values?component=ps-presidents-ci-BYImport’: Response status code does not indicate success: 403 ().

##[error]Unhandled Exception:
##[error]System.Net.Http.HttpRequestException: Response status code does not indicate success: 403 ().
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at SonarScanner.MSBuild.PreProcessor.WebClientDownloader.d__5.MoveNext()
— End of stack trace from previous location where exception was thrown —

and here is a snapshot when prepare executes correctly

C:\Projects\agent-AzureDevOps2K20Update15_work_tasks\SonarQubePrepare_15b84ca1-b62f-4a2a-a403-89b77a063157\5.8.0\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe begin /k:ps-presidents-ci
SonarScanner for MSBuild 5.8
Using the .NET Framework version of the Scanner for MSBuild
Pre-processing started.
Preparing working directories…
17:47:05.806 Updating build integration targets…
17:47:06.027 Fetching analysis configuration settings…
17:47:07.266 Provisioning analyzer assemblies for cs…
17:47:07.267 Installing required Roslyn analyzers…
17:47:07.631 Provisioning analyzer assemblies for vbnet…
17:47:07.631 Installing required Roslyn analyzers…
17:47:07.663 Pre-processing succeeded.
Finishing: Prepare analysis on SonarQube

Hey there.

You should probably check the permissions of that project and make sure the account which is being used (that a token was generated for) for the service connection has Browse / Execute Analysis permissions.

Hello Colin, I have a service connection with the right sonar token used by the project collection where I have the project using and works fine. This is another project in the same collection and I using it for this 2nd project (service connections are project collection level). This what I understand from documentation.
I created a new token in sonarqueb, created another service connection in the Azure devops using this new token in the build pipeline and the pipeline went through correctly.
So the question is should we create a token for each and every project inside a project collection which I think should not be an easy task?

I forgot to mention hat that the 1st service connection in awure devops has full access

by “probably check the permissions of that project” do you mean in sonarqube? if yes, where in the UI?

Under the project-level Project Settings / Administration (depending on your version of SonarQube) > Permissions

Sonarqube is 9.6

Both projects have the exact same permissions and I am using the token I generated when I created the 1st project
Might be that I should create a global token instead of project token?

Hey there.

A project analysis token will only work for a specific project, so a global analysis token would make sure you can use it for all projects for which your user has permission.