Various build steps (or other code run during builds) ought to be checking permissions. For example, you should only be able to trigger a downstream build if "you" would otherwise have permission to schedule that job manually. Similarly for accessing artifacts, running on secure slave nodes, and so on.

      Unfortunately in Jenkins currently all builds run in SYSTEM, i.e. effectively having all permissions, and it is up to each build step to do its own checks. Worse, there is no clear authentication to associate with the build. If it was started manually by a particular user, you could use that authentication, but other causes do not lead to a clear user name.

      There should be some (probably extensible) system of associating an Authentication with a given Run, either based on its Cause or something else such as the last User to configure the Job.

          [JENKINS-16956] Require authentication for build triggers

          Jesse Glick created issue -
          Jesse Glick made changes -
          Link New: This issue is blocking SECURITY-55 [ SECURITY-55 ]

          Jesse Glick added a comment -

          JENKINS-13222 asks for a different hack for identifying a parameterized upstream job on which we need READ, but the real problem is that the permission check is normally done in the @DataBoundConstructor, when it should always be done in perform on behalf of some principal.

          Jesse Glick added a comment - JENKINS-13222 asks for a different hack for identifying a parameterized upstream job on which we need READ , but the real problem is that the permission check is normally done in the @DataBoundConstructor , when it should always be done in perform on behalf of some principal.
          Jesse Glick made changes -
          Link New: This issue is blocking JENKINS-13222 [ JENKINS-13222 ]
          Jesse Glick made changes -
          Link New: This issue is blocking JENKINS-13502 [ JENKINS-13502 ]

          Jesse Glick added a comment -

          CommandDuringBuild should also automatically authenticate you based on the running build.

          Jesse Glick added a comment - CommandDuringBuild should also automatically authenticate you based on the running build.
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-14992 [ JENKINS-14992 ]
          Jesse Glick made changes -
          Link New: This issue depends on JENKINS-18285 [ JENKINS-18285 ]
          Jesse Glick made changes -
          Link New: This issue is blocking JENKINS-14999 [ JENKINS-14999 ]

          Jesse Glick added a comment -

          The CommandDuringBuild issue does not necessarily need this; filed separately as JENKINS-22472.

          Jesse Glick added a comment - The CommandDuringBuild issue does not necessarily need this; filed separately as JENKINS-22472 .
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-22472 [ JENKINS-22472 ]

            jglick Jesse Glick
            jglick Jesse Glick
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: