403 Forbidden for single nuget package

I am building my application using Jenkins and using Octopack to package and push to Octopus on the same server. There are two websites and four Windows services. The services package and deploy fine. The first website gets a Response status code does not indicate success: 403 (Forbidden). response. My MSBuild command is:

$Workspace = $env:WORKSPACE
& $Workspace\.nuget\NuGet.exe restore $Workspace\Build.sln
$env:REVISION = Get-Content $Workspace\.version

$msbuild = 'C:\Program Files (x86)\MSBuild\14.0\Bin\MSBuild.exe'
&$msbuild $Workspace\Build.sln /t:Clean /t:Rebuild /nologo /p:Configuration=Release /p:RunOctoPack=true /p:OctoPackPublishPackageToHttp=http://jenkins:8081/nuget/packages /p:OctoPackPublishApiKey=$env:OctopusApiKey "/p:OctoPackNuGetProperties=version=$env:REVISION.$env:BUILD_NUMBER" /p:OctoPackPackageVersion=$env:REVISION.$env:BUILD_NUMBER /p:OctoPackEnforceAddingFiles=true

The change I made was to use a built in Octopus service account instead of my Domain account. I created the user, generated the API key (stored in $env:OctopusApiKey). I had not added this user to a team with the Package Publisher role. When I do, it can push the website packages without issue.

In Diagnostics:

You do not have permission to perform this action. Please contact your Octopus administrator. Missing permission: BuiltInFeedPush (BuildService requesting http://jenkins:8081/nuget/packages/)

Why could it push four out of my six packages without access to this role?

Hi Hamish,

Thanks for getting in touch!

It seems very strange that the user could push any package when they didn’t have BuiltInFeedPush permission as this is required to push a package to Octopus. Unless something was cached so it was using some old values I’m not sure what would’ve caused this issue. If I understand correctly though, if you add the service account to a team with Package Publisher role it all works as expected?

Thank you and best regards,

Yeah, it worked repeatedly for the service packages (not that that makes any difference, a package is a package) but never for the website ones. I configured the service account with the correct roles and everything works now. Let’s chalk this one up to something environmental. I had just changed the user from my domain account to the new service account, so something probably was cached there.