Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17509

Global security loses Poll SCM permission for anonymous users after Jenkins restart

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • pollscm-plugin
    • Jenkins 1.510
      Windows Server 2003 SP2

      I've assigned security permissions so anonymous users can use the Poll SCM now feature for all jobs, but not Build Now. If I restart Jenkins though, it says there is Old Data that needs to be removed, and recommends me to use the Manage Old Data feature to get rid of it. Specifically:

      IllegalArgumentException: Failed to parse 'hudson.model.Item.Poll:anonymous' — no such permission

      If I go into Global Security Configuration, and enable Poll and click save, the issue goes away until next restart.

          [JENKINS-17509] Global security loses Poll SCM permission for anonymous users after Jenkins restart

          clausfod added a comment -

          Any news on this one ?

          clausfod added a comment - Any news on this one ?

          I have created a small Groovy script which is executed by a Jenkins job after the master has started:

          /* =========================================================================
          The permission "Poll" can be assigned to an role, but it is not possible
          to save this assignemnt so that it is available after a restart of
          Jenkins
          ========================================================================= */

          import hudson.security.*
          import jenkins.model.Jenkins
          import com.michelin.cio.hudson.plugins.rolestrategy.Role
          import com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy

          println "\n\n### Start - assign permission 'Poll' to role 'user' ###"

          /* retrieve permission "Poll" */
          List permissionList=hudson.security.Permission.getAll()

          Permission pollPermission=null

          for (permission in permissionList) {
          if (permission.name=="Poll")

          { println "Permission 'Poll' exists" pollPermission=permission break }

          }

          if (pollPermission==null) {
          println "Permission 'Poll' does not exist"
          } else {
          /* retrieve role "user" */
          Role userRole=null

          AuthorizationStrategy auth = Jenkins.getInstance().getAuthorizationStrategy();
          if (auth instanceof RoleBasedAuthorizationStrategy){
          RoleBasedAuthorizationStrategy rbas = (RoleBasedAuthorizationStrategy) auth;
          SortedMap roleMap=rbas.getGrantedRoles(RoleBasedAuthorizationStrategy.GLOBAL)

          for (role in roleMap.keySet()) {
          if (role.name=="user")

          { println "Role 'user' exists" userRole=role break }

          }

          if (userRole==null)

          { printl "Role 'user' does not exist" }

          else {
          if (!userRole.hasPermission(pollPermission))

          { println "Role 'user' is missing permission 'Poll'" Set permissionSet=userRole.getPermissions() permissionSet.add(pollPermission) println "Permission 'Poll' assigned to role 'user'" }

          else

          { println "Role 'user' already has permission 'Poll'" }

          }
          }

          }

          println "### End ###\n\n"

          Bernhard Berbuir added a comment - I have created a small Groovy script which is executed by a Jenkins job after the master has started: /* ========================================================================= The permission "Poll" can be assigned to an role, but it is not possible to save this assignemnt so that it is available after a restart of Jenkins ========================================================================= */ import hudson.security.* import jenkins.model.Jenkins import com.michelin.cio.hudson.plugins.rolestrategy.Role import com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy println "\n\n### Start - assign permission 'Poll' to role 'user' ###" /* retrieve permission "Poll" */ List permissionList=hudson.security.Permission.getAll() Permission pollPermission=null for (permission in permissionList) { if (permission.name=="Poll") { println "Permission 'Poll' exists" pollPermission=permission break } } if (pollPermission==null) { println "Permission 'Poll' does not exist" } else { /* retrieve role "user" */ Role userRole=null AuthorizationStrategy auth = Jenkins.getInstance().getAuthorizationStrategy(); if (auth instanceof RoleBasedAuthorizationStrategy){ RoleBasedAuthorizationStrategy rbas = (RoleBasedAuthorizationStrategy) auth; SortedMap roleMap=rbas.getGrantedRoles(RoleBasedAuthorizationStrategy.GLOBAL) for (role in roleMap.keySet()) { if (role.name=="user") { println "Role 'user' exists" userRole=role break } } if (userRole==null) { printl "Role 'user' does not exist" } else { if (!userRole.hasPermission(pollPermission)) { println "Role 'user' is missing permission 'Poll'" Set permissionSet=userRole.getPermissions() permissionSet.add(pollPermission) println "Permission 'Poll' assigned to role 'user'" } else { println "Role 'user' already has permission 'Poll'" } } } } println "### End ###\n\n"

            vlatombe Vincent Latombe
            adham_hassan Adham Hassan
            Votes:
            5 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: