I have created a small Groovy script which is executed by a Jenkins job after the master has started:
/* =========================================================================
The permission "Poll" can be assigned to an role, but it is not possible
to save this assignemnt so that it is available after a restart of
Jenkins
========================================================================= */
import hudson.security.*
import jenkins.model.Jenkins
import com.michelin.cio.hudson.plugins.rolestrategy.Role
import com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy
println "\n\n### Start - assign permission 'Poll' to role 'user' ###"
/* retrieve permission "Poll" */
List permissionList=hudson.security.Permission.getAll()
Permission pollPermission=null
for (permission in permissionList) {
if (permission.name=="Poll")
{
println "Permission 'Poll' exists"
pollPermission=permission
break
}
}
if (pollPermission==null) {
println "Permission 'Poll' does not exist"
} else {
/* retrieve role "user" */
Role userRole=null
AuthorizationStrategy auth = Jenkins.getInstance().getAuthorizationStrategy();
if (auth instanceof RoleBasedAuthorizationStrategy){
RoleBasedAuthorizationStrategy rbas = (RoleBasedAuthorizationStrategy) auth;
SortedMap roleMap=rbas.getGrantedRoles(RoleBasedAuthorizationStrategy.GLOBAL)
for (role in roleMap.keySet()) {
if (role.name=="user")
{
println "Role 'user' exists"
userRole=role
break
}
}
if (userRole==null)
{
printl "Role 'user' does not exist"
}
else {
if (!userRole.hasPermission(pollPermission))
{
println "Role 'user' is missing permission 'Poll'"
Set permissionSet=userRole.getPermissions()
permissionSet.add(pollPermission)
println "Permission 'Poll' assigned to role 'user'"
}
else
{
println "Role 'user' already has permission 'Poll'"
}
}
}
}
println "### End ###\n\n"
Any news on this one ?