-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
Jenkins 1.509.1 or Jenkins 1.518, both configured with "Project-based Matrix Authorization Strategy".
Matrix-reloaded 1.1.1
I am experiencing the following situation: I am logged into an instance of Jenkins that supports multiple users and is configured such that, by default, they cannot trigger each others jobs. I have created a matrix job, checked the "Enable project-based security", added my account to the permissions matrix and checked all options, including the job build option, to give myself all permissions for my job. Now, I can manually trigger a build without a problem. However, when I try to trigger any build of my own job via the matrix-reloaded mechanism, I get a permission denied error message.
It seems this is because the matrix-reloaded plugin is not handling permissions in the same way that the normal manual build triggering mechanism does. When I go to the Jenkins global security settings and enable the job build permission for all users, only then will triggering a build via matrix-reloaded work. However, this defeats the point of a per-job authorisation strategy since now everyone on the system can trigger my jobs.
I suspect the fix to issue #16628 was not actually implemented correctly. My suggestion would be to check the permissions in the same way that the normal manual build triggering does. Ideally, using the same code.
[JENKINS-19970] ( Praqma case 10162 ) Matrix-reloaded does not adhere to build permissions in the same way that normal manual build triggering does.
Artur Szostak
added a comment - For Jenkins 1.509.1 I have Jenkins use its own user database and for version 1.518 I have it configured to use the host's Unix users and groups.
Artur Szostak
added a comment - For Jenkins 1.509.1 I have Jenkins use its own user database and for version 1.518 I have it configured to use the host's Unix users and groups. Hi Artur
I read your description of the problem as basically "The matrix-reloaded plugin does not support project-based security matrix" - So I expect that we could reproduce this error simply by turning that one.
Is that correct?
We will try to reproduce the fault here and estimate the fix.
Cheers
Lars Kruse
Artur Szostak
added a comment - Yes, you should be able to reproduce it with enabling "Project-based Matrix Authorization Strategy" and following my description. I was able to do so on two different versions of Jenkins.
Since you say the plugin was not supposed to support "Project-based Matrix Authorization Strategy" I change the ticket to a improvement request. However, I suggest to add some information about this limitation to the wikipage, while this ticket remains open.
Artur Szostak
added a comment - Yes, you should be able to reproduce it with enabling "Project-based Matrix Authorization Strategy" and following my description. I was able to do so on two different versions of Jenkins.
Since you say the plugin was not supposed to support "Project-based Matrix Authorization Strategy" I change the ticket to a improvement request. However, I suggest to add some information about this limitation to the wikipage, while this ticket remains open. 
Oliver Bock
added a comment - FWIW, we experience the same error: using project-based security (which is vital) doesn't work with Matrix Reloaded. It doesn't allow to trigger matrix rebuilds by users who don't have global build permissions, as described by the original reporter.
Is there any update on this?
Thanks.
Oliver Bock
added a comment - FWIW, we experience the same error: using project-based security (which is vital) doesn't work with Matrix Reloaded. It doesn't allow to trigger matrix rebuilds by users who don't have global build permissions, as described by the original reporter.
Is there any update on this?
Thanks. 
Hi Artur.
What are the permissions of the account that runs the jenkins daemon / service ?
Best
Jens Brejner
Praqma