Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20148

Misleading description of the 'workspace' permission

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None

      The tooltip on the Job/Workspace permission in the authorization configuration matrix after saying what the permission really does suggests that "if you don't want an user to access the source code, you can do so by revoking this permission".

      Unfortunately the workspace is often only one of many ways to access the source code via Jenkins, which makes the suggestion rather misleading. Eg. for maven projects the archived source artifacts or the source xref report in the archived maven-generated site, both of which are accessible without the 'workspace' permission, give access to the sources.

          [JENKINS-20148] Misleading description of the 'workspace' permission

          mdp created issue -
          Jesse Glick made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: matrix-auth [ 18131 ]
          Daniel Beck made changes -
          Assignee Original: Jesse Glick [ jglick ] New: Daniel Beck [ danielbeck ]
          Daniel Beck made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Daniel Beck made changes -
          Remote Link New: This issue links to "PR 1494 (Web Link)" [ 11929 ]
          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 151670 ] New: JNJira + In-Review [ 194039 ]

            danielbeck Daniel Beck
            mdp mdp
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: