Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20475

Add option to skip security checks for System users

    • Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Icon: Major Major
    • role-strategy-plugin
    • None

      Security checks for SYSTEM are useless for most cases. They should be disabled by default .

      BTW, The option may be useful for some cases, so the plugin should provide a configuration option to retain backward compatibility

          [JENKINS-20475] Add option to skip security checks for System users

          Oleg Nenashev added a comment -

          A fix in plugin for old core versions

          Oleg Nenashev added a comment - A fix in plugin for old core versions

          Rick Liu added a comment -

          Hi Oleg,

          I'm not sure if this is related since this ticket is really long time ago.
          My environment is:
          Ubuntu 14.04
          OpenJDK8u111
          Jenkins v2.32.1 LTS
          Role-based Authorization Strategy v2.3.2

          Currently, I have:
          6 x 500GB SSD RAID-5
          3 Global roles (Job_veiwers, admin, anonymous)
          116 Project roles
          0 slave roles
          436 users
          2077 jobs

          2 days ago,
          I just added 800+ jobs through Multi-branch configuration.
          (adding only the jobs, role configurations remains the same)

          Before adding the 800+ jobs,
          the WebUI response was ok (acceptable).
          Every click (open job, open job configuration) response within 3~5 seconds.

          After adding the 800+ jobs,
          now the web UI response super slow (takes about 30 seconds to open a new page).

          After some investigation,
          I found if the user is in ADMIN role,
          then the response is slow,
          and if the same user is removed from ADMIN role,
          then the response is back to normal.

          I also created a custom role but using the wildcard * to match all the jobs (to pretend admin permissions).
          Then the result is the same that the response is really slow.
          Now,
          I don't know how to debug more.

          What's the best way to resolve this?

          Rick Liu added a comment - Hi Oleg, I'm not sure if this is related since this ticket is really long time ago. My environment is: Ubuntu 14.04 OpenJDK8u111 Jenkins v2.32.1 LTS Role-based Authorization Strategy v2.3.2 Currently, I have: 6 x 500GB SSD RAID-5 3 Global roles (Job_veiwers, admin, anonymous) 116 Project roles 0 slave roles 436 users 2077 jobs 2 days ago, I just added 800+ jobs through Multi-branch configuration. (adding only the jobs, role configurations remains the same) Before adding the 800+ jobs, the WebUI response was ok (acceptable). Every click (open job, open job configuration) response within 3~5 seconds. After adding the 800+ jobs, now the web UI response super slow (takes about 30 seconds to open a new page). After some investigation, I found if the user is in ADMIN role, then the response is slow, and if the same user is removed from ADMIN role, then the response is back to normal. I also created a custom role but using the wildcard * to match all the jobs (to pretend admin permissions). Then the result is the same that the response is really slow. Now, I don't know how to debug more. What's the best way to resolve this?

          Oleg Nenashev added a comment -

          totoroliu kinda "as designed" if you have 800 jobs on the top level without folders. ADMINs are not a SYSTEM user, hence this case is not applicable. Rather see issues like JENKINS-18377

          Oleg Nenashev added a comment - totoroliu kinda "as designed" if you have 800 jobs on the top level without folders. ADMINs are not a SYSTEM user, hence this case is not applicable. Rather see issues like JENKINS-18377

          Jesse Glick added a comment -

          Unnecessary given JENKINS-20474.

          Jesse Glick added a comment - Unnecessary given  JENKINS-20474 .

            Unassigned Unassigned
            oleg_nenashev Oleg Nenashev
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: