"Insufficient privileges", no analysis runs when using SonarLint IDEA plugin with SonarQube

• Operating system: Windows 10
• IDE name and flavor/env: IntelliJ IDEA 2024.2.1 (CE)
• SonarQube Community Edition v10.6 (92116) ACTIVE
• IntelliJ plugin SonarLint 10.8.1.79205
• node v20.11.1 at the default “Node.js path”

When using SonarQube, IntelliJ plugin SonarLint (Java) only logs Analysis skipped as the engine is not ready yet for each attempt. The “Analyze All Project Files” shows a popup, but does nothing after confirmation. If a workaround is needed, please document the workaround inside the plugin to be displayed after clicking on the Proceed button.

Same reported by:

• IntelliJ IDEA 2023.3 : Plugin does nothing?
• SonarLint File Analyze not working anymore for connected mode

When initializing, it logs these errors:

[SonarLint Server RPC request executor] ERROR org.eclipse.lsp4j.jsonrpc.RemoteEndpoint - Internal error: java.lang.IllegalStateException: Insufficient privileges
java.util.concurrent.CompletionException: java.lang.IllegalStateException: Insufficient privileges
	at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:315)
	at java.base/java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:320)
	at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:649)
	at java.base/java.util.concurrent.CompletableFuture$Completion.run(CompletableFuture.java:482)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.IllegalStateException: Insufficient privileges
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.handleError(ServerApiHelper.java:145)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.get(ServerApiHelper.java:74)
	at org.sonarsource.sonarlint.core.serverapi.issue.IssueApi.lambda$pullTaintIssues$10(IssueApi.java:219)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processTimed(ServerApiHelper.java:243)
	at org.sonarsource.sonarlint.core.serverapi.issue.IssueApi.pullTaintIssues(IssueApi.java:218)
	at org.sonarsource.sonarlint.core.serverconnection.TaintIssueDownloader.downloadTaintFromPull(TaintIssueDownloader.java:100)
	at org.sonarsource.sonarlint.core.serverconnection.ServerIssueUpdater.syncTaints(ServerIssueUpdater.java:79)
	at org.sonarsource.sonarlint.core.sync.TaintSynchronizationService.updateServerTaintIssuesForProject(TaintSynchronizationService.java:97)
	at org.sonarsource.sonarlint.core.sync.TaintSynchronizationService.synchronizeTaintVulnerabilities(TaintSynchronizationService.java:80)
	at org.sonarsource.sonarlint.core.sync.TaintSynchronizationService.lambda$synchronizeTaintVulnerabilities$1(TaintSynchronizationService.java:74)
	at java.base/java.util.Optional.ifPresent(Optional.java:178)
	at org.sonarsource.sonarlint.core.sync.TaintSynchronizationService.lambda$synchronizeTaintVulnerabilities$2(TaintSynchronizationService.java:74)
	at java.base/java.util.HashMap.forEach(HashMap.java:1429)
	at org.sonarsource.sonarlint.core.sync.TaintSynchronizationService.lambda$synchronizeTaintVulnerabilities$3(TaintSynchronizationService.java:74)
	at java.base/java.util.Optional.ifPresent(Optional.java:178)
	at org.sonarsource.sonarlint.core.sync.TaintSynchronizationService.synchronizeTaintVulnerabilities(TaintSynchronizationService.java:69)
	at org.sonarsource.sonarlint.core.tracking.TaintVulnerabilityTrackingService.lambda$loadTaintVulnerabilities$27(TaintVulnerabilityTrackingService.java:201)
	at java.base/java.util.Optional.map(Optional.java:260)
	at org.sonarsource.sonarlint.core.tracking.TaintVulnerabilityTrackingService.loadTaintVulnerabilities(TaintVulnerabilityTrackingService.java:199)
	at org.sonarsource.sonarlint.core.tracking.TaintVulnerabilityTrackingService.lambda$listAll$0(TaintVulnerabilityTrackingService.java:81)
	at java.base/java.util.Optional.map(Optional.java:260)
	at org.sonarsource.sonarlint.core.tracking.TaintVulnerabilityTrackingService.listAll(TaintVulnerabilityTrackingService.java:81)
	at org.sonarsource.sonarlint.core.rpc.impl.TaintVulnerabilityTrackingRpcServiceDelegate.lambda$listAll$0(TaintVulnerabilityTrackingRpcServiceDelegate.java:36)
	at org.sonarsource.sonarlint.core.rpc.impl.AbstractRpcServiceDelegate.lambda$requestAsync$0(AbstractRpcServiceDelegate.java:67)
	at org.sonarsource.sonarlint.core.rpc.impl.AbstractRpcServiceDelegate.computeWithLogger(AbstractRpcServiceDelegate.java:135)
	at org.sonarsource.sonarlint.core.rpc.impl.AbstractRpcServiceDelegate.lambda$requestAsync$1(AbstractRpcServiceDelegate.java:65)
	at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:646)
	... 4 common frames omitted

[SonarLint Local Storage Synchronizer] ERROR sonarlint - Error while fetching new code definition
java.lang.IllegalStateException: Insufficient privileges
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.handleError(ServerApiHelper.java:145)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.get(ServerApiHelper.java:74)
	at org.sonarsource.sonarlint.core.serverapi.newcode.NewCodeApi.getNewCodeDefinition(NewCodeApi.java:59)
	at org.sonarsource.sonarlint.core.serverconnection.LocalStorageSynchronizer.synchronizeAnalyzerConfig(LocalStorageSynchronizer.java:86)
	at org.sonarsource.sonarlint.core.serverconnection.ServerConnection.sync(ServerConnection.java:61)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededSync$16(SynchronizationService.java:319)
	at java.base/java.util.HashMap.forEach(HashMap.java:1429)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.synchronizeConnectionAndProjectsIfNeededSync(SynchronizationService.java:316)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$12(SynchronizationService.java:292)
	at java.base/java.util.Optional.ifPresent(Optional.java:178)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$13(SynchronizationService.java:292)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1583)

[SonarLint Local Storage Synchronizer] ERROR sonarlint - Error running task 'Synchronizing projects...'
java.lang.IllegalStateException: Insufficient privileges
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.handleError(ServerApiHelper.java:145)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.get(ServerApiHelper.java:74)
	at org.sonarsource.sonarlint.core.serverapi.issue.IssueApi.lambda$pullIssues$7(IssueApi.java:175)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processTimed(ServerApiHelper.java:243)
	at org.sonarsource.sonarlint.core.serverapi.issue.IssueApi.pullIssues(IssueApi.java:174)
	at org.sonarsource.sonarlint.core.serverconnection.IssueDownloader.downloadFromPull(IssueDownloader.java:95)
	at org.sonarsource.sonarlint.core.serverconnection.ServerIssueUpdater.sync(ServerIssueUpdater.java:66)
	at org.sonarsource.sonarlint.core.sync.IssueSynchronizationService.syncServerIssuesForProject(IssueSynchronizationService.java:63)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeProjectWithProgress$6(SynchronizationService.java:202)
	at java.base/java.util.Optional.ifPresent(Optional.java:178)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeProjectWithProgress$7(SynchronizationService.java:197)
	at java.base/java.util.HashMap.forEach(HashMap.java:1429)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.synchronizeProjectWithProgress(SynchronizationService.java:197)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeProjectsOfTheSameConnection$4(SynchronizationService.java:185)
	at java.base/java.util.Optional.ifPresent(Optional.java:178)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.synchronizeProjectsOfTheSameConnection(SynchronizationService.java:181)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeProjectsSync$3(SynchronizationService.java:165)
	at org.sonarsource.sonarlint.core.progress.TaskManager.startTask(TaskManager.java:61)
	at org.sonarsource.sonarlint.core.progress.TaskManager.startTask(TaskManager.java:44)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.synchronizeProjectsSync(SynchronizationService.java:157)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.synchronizeConnectionAndProjectsIfNeededSync(SynchronizationService.java:328)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$12(SynchronizationService.java:292)
	at java.base/java.util.Optional.ifPresent(Optional.java:178)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$13(SynchronizationService.java:292)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1583)

Hello @vodoc82730,

It means that the token you use to connect your SonarLint instance to SonarQube does not have permission to pull issues from the server. So you need to fix the permissions on the server side.
Here’s the doc page regarding tokens:

Hope it helps.

Hi, thanks, but I wasn’t able to find the information about necessary steps there. I have token generated, I don’t see any token configuration in IDE, and the Connected Mode documentation doesn’t talk about this setup. Do I need to change Project’s permissions? Does IDEA use token or any of these users?

Also note that it is really necessary to update the in-app tutorial, so that when this error occurs in the plugin, the user is told what exactly is the problem and how to fix it. We expect a situation where we spin a SonarQube docker instance, enable plugin, configure it in IDEA, and it just works, without having to spend 10 hours analyzing it.

Thanks for the update.

Hello @vodoc82730,

My apologies for the late reply.

Here’s the link for the configuration of the Connected Mode for SonarLint in IntelliJ IDEs.

If you are logged into the SonarQube in your browser you will. be able to generate the token from the IntelliJ interface on the second step of the wizard. It looks like this:

After clicking on token creation, the browser opens the confirmation page. Once confirmed, the token is populated in the corresponding field of the wizard.
After that, binding to the specific project should be configured, and you will be able to use all the connected mode features. Including the full project scan.

Regarding the user permissions on the project level:

The two highlighted are needed only if you want the SonarLint user to be able to change the issue and hotpot status via the SonarLint interface. The two left ones only make sense for the private projects. For public ones, they are enabled by default and are not configurable.
Here’s the doc page on that:
https://docs.sonarsource.com/sonarqube/latest/project-administration/setting-project-permissions/
If you install your SonarQube and use the default settings, it’s already configured as described. Your errors above could be caused by the misconfiguration. Or by the fact that the token is revoked, expired, or invalid in another way. So better to check the configuration, and if it’s fine but you keep getting errors - to re-issue the token.
I hope it helps.

If something described doesn’t work as expected, please return to this topic with the feedback, and we will investigate your situation.

Also, thanks for your feedback regarding the in-app tutorial. We are currently working on something that will improve the UX around such problems.
Here’s the ticket.

Best,
Kirill