The token doesn't have the required permissions (Code: Read & Write)

ChrisHolman · January 28, 2021, 11:23am

Attempting to import our Azure DevOps organisation to SonarCloud, i click the + > Analyse New Project > Import another organisation.

I’ve entered the AzureDevOps organisation name ‘glasswall’
I’ve created my PAT and entered the token, but upon doing so i get 'The token doesn’t have the required permissions (Code: Read & Write).

After checking my PAT, i can confirm it has those permissions, but it still isn’t being accepted. So right now, i’m unable to import our Azure DevOps projects.

Any advice on how to solve this problem please?

ChrisHolman · January 28, 2021, 11:31am

After some further digging, it appears that if ‘Enable Azure Active Directory Conditional Access Policy Validation;’ is on, it causes an issue with authenticating with SonarCloud - is there a work around for this?

mickaelcaro · January 28, 2021, 1:18pm

Hi @ChrisHolman and welcome to the community !

I’m afraid there are no workaround possible currently for this.

Mickaël

ChrisHolman · January 28, 2021, 1:20pm

Thanks for the reply Mickaël!

So if this option is switched on, we’re unable to use SonarCloud?

mickaelcaro · January 28, 2021, 1:58pm

This is true, yes.

ChrisHolman · January 28, 2021, 5:34pm

What are the IP addresses associated to SonarCloud? We can add them to the CAP so the communication can succeed.

mickaelcaro · January 29, 2021, 7:17am

Hi @ChrisHolman

We don’t have fixed IPs, you’ll have to rely on the domain itself.

Mickaël

ChrisHolman · January 29, 2021, 9:23am

Thanks! I assume whitelisting sonarcloud.io will be sufficient?

mickaelcaro · January 29, 2021, 9:31am

It should be, but as far as i remember this is not possible to do it like that with the CAP ?

ChrisHolman · January 29, 2021, 4:07pm

We whitelisted the IP associated with sonarloud.io (18.194.60.35) but still get the 'The token doesn’t have the required permissions (Code:Read & Write).

AliK · August 1, 2022, 10:12pm

Hi Chris / Michael, were you ever able to get SonarCloud working with Azure AD Conditional Access Policies enabled? We also have CAPs enforced, but would like to use SonarCloud.

Michael,
Are all SonarCloud services hosted in the AWS eu-central-1 region?

AliK · August 1, 2022, 10:43pm

If you whitelist all AWS EC2 IP Addresses from the following link, you’ll be able to use CAPs with SonarCloud. These ranges may be changed, so if you are experiencing issues, you’ll need to refresh the IP Addresses in your Azure AD CAP.

https://ip-ranges.amazonaws.com/ip-ranges.json

mickaelcaro · August 2, 2022, 7:09am

Hi @AliK

Yes for now this is the only solution we can propose, we’re working on a proper one, but this is just ideation for now, no ETA to give.

Thanks!

system · August 9, 2022, 7:09am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
The token doesn’t have the required permissions (Code: Read & Write) SonarQube Cloud scanner , sonarqube-cloud	5	365	December 21, 2023
Token error when trying to import organization SonarQube Cloud azuredevops , sonarqube-cloud	1	209	February 23, 2024
Importing Organization to Sonarcloud From Azure DevOps SonarQube Cloud sonarqube-cloud	3	2231	December 15, 2020
Unable to add an organization from azure SonarQube Cloud sonarqube-cloud	4	283	September 26, 2023
How to update this Azure Devops token for my account? SonarQube Cloud	1	456	January 23, 2023

The token doesn't have the required permissions (Code: Read & Write)

Related topics