Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-10871

Enabling Project Matrix Athorization Locks Out Users

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      If you click "Enable Project Matrix Authorization" under Manage Jenkins, and then proceed to a project to configure project level security as suggested by the help file, all users, including the currently logged in admin account, are immediately restricted due to not having read access to anything. Since the current user is immediately restricted, there seems to be no way to adjust permissions, other than to bounce Jenkins, edit the config file to diable security, and then reconfigure security.

        Attachments

          Issue Links

            Activity

            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Martin d'Anjou, you deleted the security plugin, so Jenkins cannot start up. It's a valid behavior, because other ones will impose security breaches. You can reset the security by cleaning up the appropriate section in Jenkins config.xml

            Show
            oleg_nenashev Oleg Nenashev added a comment - Martin d'Anjou , you deleted the security plugin, so Jenkins cannot start up. It's a valid behavior, because other ones will impose security breaches. You can reset the security by cleaning up the appropriate section in Jenkins config.xml
            Hide
            deepchip Martin d'Anjou added a comment -

            Is it possible to enable the right plugin instead of editing the config.xml? If so, which plugin do I need to enable in the following list? I use LDAP for authentication.

            ant.jpi.disabled
            antisamy-markup-formatter.jpi.disabled
            credentials.jpi.disabled
            cvs.jpi.disabled
            external-monitor-job.jpi.disabled
            javadoc.jpi.disabled
            junit.jpi.disabled
            mailer.jpi.disabled
            matrix-auth.jpi.disabled
            matrix-project.jpi.disabled
            maven-plugin.jpi.disabled
            pam-auth.jpi.disabled
            script-security.jpi.disabled
            ssh-credentials.jpi.disabled
            ssh-slaves.jpi.disabled
            subversion.jpi.disabled
            translation.jpi.disabled
            windows-slaves.jpi.disabled
            
            Show
            deepchip Martin d'Anjou added a comment - Is it possible to enable the right plugin instead of editing the config.xml ? If so, which plugin do I need to enable in the following list? I use LDAP for authentication. ant.jpi.disabled antisamy-markup-formatter.jpi.disabled credentials.jpi.disabled cvs.jpi.disabled external-monitor-job.jpi.disabled javadoc.jpi.disabled junit.jpi.disabled mailer.jpi.disabled matrix-auth.jpi.disabled matrix-project.jpi.disabled maven-plugin.jpi.disabled pam-auth.jpi.disabled script-security.jpi.disabled ssh-credentials.jpi.disabled ssh-slaves.jpi.disabled subversion.jpi.disabled translation.jpi.disabled windows-slaves.jpi.disabled
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Yes, you can enable and even install the plugin using the filesystem

            Show
            oleg_nenashev Oleg Nenashev added a comment - Yes, you can enable and even install the plugin using the filesystem
            Hide
            deepchip Martin d'Anjou added a comment -

            The only solution was to re-enable all plugins from the file system, and restart jenkins. I have demoted the priority back to Major.

            Show
            deepchip Martin d'Anjou added a comment - The only solution was to re-enable all plugins from the file system, and restart jenkins. I have demoted the priority back to Major.
            Hide
            danielbeck Daniel Beck added a comment -

            Towards matrix-auth 1.8 I addressed the accidental lockout by ensuring that, if there's no admin user specified, the submitting user will be made admin (JENKINS-46832).

            What's left is the issue of parsing the resulting config file (no longer created after the fix above, but still), tracked as JENKINS-9774.

            Show
            danielbeck Daniel Beck added a comment - Towards matrix-auth 1.8 I addressed the accidental lockout by ensuring that, if there's no admin user specified, the submitting user will be made admin ( JENKINS-46832 ). What's left is the issue of parsing the resulting config file (no longer created after the fix above, but still), tracked as JENKINS-9774 .

              People

              Assignee:
              danielbeck Daniel Beck
              Reporter:
              scanguskhan Scott MacDonald
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: