• Type: Improvement
• Resolution: Not A Defect
• Priority: Major
• Component/s: credentials-plugin, role-strategy-plugin, subversion-plugin
• Labels:

  • credentials
  • role_strategy
  • scm
  • security
  • subversion
• Environment:

  Hide

  - Jenkins, version 1.546 (latest LTS when this issue created).
  - Jenkins Credentials Plugin (credentials), version 1.10 (latest when this issue created).
  - Jenkins Subversion Plugin (subversion), version 2.2 (latest when this issue created).
  - Jenkins Role Strategy Plugin (role-strategy), version 2.1.0 (latest when this issue created).
  - JBoss Application Server 4.2.3.
  - Subversion.

  Show

  - Jenkins, version 1.546 (latest LTS when this issue created). - Jenkins Credentials Plugin (credentials), version 1.10 (latest when this issue created). - Jenkins Subversion Plugin (subversion), version 2.2 (latest when this issue created). - Jenkins Role Strategy Plugin (role-strategy), version 2.1.0 (latest when this issue created). - JBoss Application Server 4.2.3. - Subversion.

1. 

   JENKINS-22289_TeamAProject1.png

   87 kB

   2014-03-21 09:44

2. 

   JENKINS-22289_TeamBProject1.png

   75 kB

   2014-03-21 09:44

3. 

   JENKINS-22289_ManageAndAssignRoles.png

   91 kB

   2014-03-21 08:47

[JENKINS-22289] Subversion Credentials with Role-Based-Security

Stephen Dharma created issue - 2014-03-21 08:27

Stephen Dharma made changes - 2014-03-21 08:28

Labels

Original: security subversion

New: credentials role_strategy scm security subversion

Stephen Dharma made changes - 2014-03-21 08:38

Description

Original: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not have any control on how to manage "Subversion Credentials" privileges between different teams. Steps to reproduce issue: (TODO) Actual Behavior: (TODO) Expected Behavior: (TODO)

New: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not have any control on how to manage "Subversion Credentials" privileges between different teams. Prerequisite: - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Job-Create)(Project Privileges, Pattern TeamA.*: Job-all, Run-all). - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". Steps to reproduce issue: (TODO) Actual Behavior: (TODO) Expected Behavior: (TODO)

Stephen Dharma made changes - 2014-03-21 08:47

Attachment

New: JENKINS-22289_ManageAndAssignRoles.png [ 25586 ]

Stephen Dharma made changes - 2014-03-21 08:49

Description

Original: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not have any control on how to manage "Subversion Credentials" privileges between different teams. Prerequisite: - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Job-Create)(Project Privileges, Pattern TeamA.*: Job-all, Run-all). - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". Steps to reproduce issue: (TODO) Actual Behavior: (TODO) Expected Behavior: (TODO)

New: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not have any control on how to manage "Subversion Credentials" privileges between different teams. Prerequisites: - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Job-Create)(Project Privileges, Pattern TeamA.*: Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png ) - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". Steps to reproduce issue: (TODO) Actual Behavior: (TODO) Expected Behavior: (TODO)

Stephen Dharma made changes - 2014-03-21 09:24

Description	Original: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not have any control on how to manage "Subversion Credentials" privileges between different teams. Prerequisites: - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Job-Create)(Project Privileges, Pattern TeamA.*: Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png ) - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". Steps to reproduce issue: (TODO) Actual Behavior: (TODO) Expected Behavior: (TODO)	New: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not have any control on how to manage "Subversion Credentials" privileges between different teams. Prerequisites: - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View Job-Create)(Project Privileges, Pattern TeamA.*: Credentials-Create, Credentials-View, Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png ) - Role "Team-B-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View, Job-Create)(Project Privileges, Pattern "TeamB.*": Credentials-Create, Credentials-View, Job-all, Run-all). - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". - Team-B Administrator User Account (e.g. "adminteamb") with Role "Team-B-Administrators". - Subversion repository used by Team-A, (e.g. "svn.mycompany.com/project-a"), with SVN User Account "svnusera". - Subversion repository used by Team-B, (e.g. "svn.mycompany.com/project-b"), with SVN User Account "svnuserb". Steps to reproduce issue: 1. Login as Team-A Administrator ("adminteama"). 2. Create "New Job" with Job Name "TeamA-Project-1", type "Build a free-style software project". 3. In the Project Configuration page, select "Subversion" as the Source Code Management. 4. Input Repository URL "svn.mycompany.com/project-a". 5. Add Credentials,    - Kind: Username with password    - Scope: Global    - Username: svnusera    - Password: ******** (assume correct password used)    - Description: TeamA-SVN-User 6. Select the newly created Credentials "TeamA-SVN-User". (TODO) Actual Behavior: (TODO) Expected Behavior: (TODO)
Environment	Original: - Jenkins, version 1.546 (latest LTS when this issue created). - Jenkins Credentials Plugin (credentials), version 1.10 (latest when this issue created). - Jenkins Subversion Plugin (subversion), version 2.2 (latest when this issue created). - Jenkins Role Strategy Plugin (role-strategy), version 2.1.0 (latest when this issue created). - JBoss Application Server 4.2.3.	New: - Jenkins, version 1.546 (latest LTS when this issue created). - Jenkins Credentials Plugin (credentials), version 1.10 (latest when this issue created). - Jenkins Subversion Plugin (subversion), version 2.2 (latest when this issue created). - Jenkins Role Strategy Plugin (role-strategy), version 2.1.0 (latest when this issue created). - JBoss Application Server 4.2.3. - Subversion.

Stephen Dharma made changes - 2014-03-21 09:44

Attachment		New: JENKINS-22289_TeamAProject1.png [ 25587 ]
Attachment		New: JENKINS-22289_TeamBProject1.png [ 25588 ]
Description	Original: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not have any control on how to manage "Subversion Credentials" privileges between different teams. Prerequisites: - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View Job-Create)(Project Privileges, Pattern TeamA.*: Credentials-Create, Credentials-View, Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png ) - Role "Team-B-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View, Job-Create)(Project Privileges, Pattern "TeamB.*": Credentials-Create, Credentials-View, Job-all, Run-all). - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". - Team-B Administrator User Account (e.g. "adminteamb") with Role "Team-B-Administrators". - Subversion repository used by Team-A, (e.g. "svn.mycompany.com/project-a"), with SVN User Account "svnusera". - Subversion repository used by Team-B, (e.g. "svn.mycompany.com/project-b"), with SVN User Account "svnuserb". Steps to reproduce issue: 1. Login as Team-A Administrator ("adminteama"). 2. Create "New Job" with Job Name "TeamA-Project-1", type "Build a free-style software project". 3. In the Project Configuration page, select "Subversion" as the Source Code Management. 4. Input Repository URL "svn.mycompany.com/project-a". 5. Add Credentials,    - Kind: Username with password    - Scope: Global    - Username: svnusera    - Password: ******** (assume correct password used)    - Description: TeamA-SVN-User 6. Select the newly created Credentials "TeamA-SVN-User". (TODO) Actual Behavior: (TODO) Expected Behavior: (TODO)	New: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not seem to have any control on how to manage "Subversion Credentials" privileges for multiple teams. Prerequisites: - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View Job-Create)(Project Privileges, Pattern TeamA.*: Credentials-Create, Credentials-View, Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png ) - Role "Team-B-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View, Job-Create)(Project Privileges, Pattern "TeamB.*": Credentials-Create, Credentials-View, Job-all, Run-all). - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". - Team-B Administrator User Account (e.g. "adminteamb") with Role "Team-B-Administrators". - Subversion repository used by Team-A, (e.g. "svn.mycompany.com/project-a"), with SVN User Account "svnusera". - Subversion repository used by Team-B, (e.g. "svn.mycompany.com/project-b"), with SVN User Account "svnuserb". Steps to reproduce issue: 1. Login as Team-A Administrator ("adminteama"). 2. Create "New Job" with Job Name "TeamA-Project-1", type "Build a free-style software project". 3. In the Project Configuration page, select "Subversion" as the Source Code Management. 4. Input Repository URL "svn.mycompany.com/project-a". 5. Add Credentials,    - Kind: Username with password    - Scope: Global    - Username: svnusera    - Password: ******** (assume correct password used)    - Description: TeamA-SVN-User 6. Select the newly created Credentials "TeamA-SVN-User". 7. Save Job. 8. Logout. 9. Login as Team-B Administrator ("adminteamb"). 10. Create "New Job" with Job Name "TeamB-Project-1", type "Build a free-style software project". 11. In the Project Configuration page, select "Subversion" as the Source Code Management. 12. Input Repository URL "svn.mycompany.com/project-b". Review existing Credentials list. Actual Behavior: Credentials "TeamA-SVN-User" (belong to Team A) can be viewed and used by Team B, causing the Source Repository of Team A can be accessed by Team B without providing SCM password. Expected Behavior: The ability for Jenkins Root Administrator to provide private Credentials to specific Group/Team. e.g. Credentials created by Team A, should be accessible only to members of Team A.

Stephen Dharma made changes - 2014-03-21 09:50

Description

Original: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not seem to have any control on how to manage "Subversion Credentials" privileges for multiple teams. Prerequisites: - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View Job-Create)(Project Privileges, Pattern TeamA.*: Credentials-Create, Credentials-View, Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png ) - Role "Team-B-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View, Job-Create)(Project Privileges, Pattern "TeamB.*": Credentials-Create, Credentials-View, Job-all, Run-all). - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". - Team-B Administrator User Account (e.g. "adminteamb") with Role "Team-B-Administrators". - Subversion repository used by Team-A, (e.g. "svn.mycompany.com/project-a"), with SVN User Account "svnusera". - Subversion repository used by Team-B, (e.g. "svn.mycompany.com/project-b"), with SVN User Account "svnuserb". Steps to reproduce issue: 1. Login as Team-A Administrator ("adminteama"). 2. Create "New Job" with Job Name "TeamA-Project-1", type "Build a free-style software project". 3. In the Project Configuration page, select "Subversion" as the Source Code Management. 4. Input Repository URL "svn.mycompany.com/project-a". 5. Add Credentials,    - Kind: Username with password    - Scope: Global    - Username: svnusera    - Password: ******** (assume correct password used)    - Description: TeamA-SVN-User 6. Select the newly created Credentials "TeamA-SVN-User". 7. Save Job. 8. Logout. 9. Login as Team-B Administrator ("adminteamb"). 10. Create "New Job" with Job Name "TeamB-Project-1", type "Build a free-style software project". 11. In the Project Configuration page, select "Subversion" as the Source Code Management. 12. Input Repository URL "svn.mycompany.com/project-b". Review existing Credentials list. Actual Behavior: Credentials "TeamA-SVN-User" (belong to Team A) can be viewed and used by Team B, causing the Source Repository of Team A can be accessed by Team B without providing SCM password. Expected Behavior: The ability for Jenkins Root Administrator to provide private Credentials to specific Group/Team. e.g. Credentials created by Team A, should be accessible only to members of Team A.

New: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not seem to have any control on how to manage "Subversion Credentials" privileges for multiple teams. *Prerequisites:* - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View Job-Create)(Project Privileges, Pattern TeamA.*: Credentials-Create, Credentials-View, Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png ) - Role "Team-B-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View, Job-Create)(Project Privileges, Pattern "TeamB.*": Credentials-Create, Credentials-View, Job-all, Run-all). - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". - Team-B Administrator User Account (e.g. "adminteamb") with Role "Team-B-Administrators". - Subversion repository used by Team-A, (e.g. "svn.mycompany.com/project-a"), with SVN User Account "svnusera". - Subversion repository used by Team-B, (e.g. "svn.mycompany.com/project-b"), with SVN User Account "svnuserb". *Steps to reproduce issue:* 1. Login as Team-A Administrator ("adminteama"). 2. Create "New Job" with Job Name "TeamA-Project-1", type "Build a free-style software project". 3. In the Project Configuration page, select "Subversion" as the Source Code Management. 4. Input Repository URL "svn.mycompany.com/project-a". 5. Add Credentials,    - Kind: Username with password    - Scope: Global    - Username: svnusera    - Password: ******** (assume correct password used)    - Description: TeamA-SVN-User 6. Select the newly created Credentials "TeamA-SVN-User" (see screenshot: https://issues.jenkins-ci.org/secure/thumbnail/25587/_thumb_25587.png ). 7. Save Job. 8. Logout. 9. Login as Team-B Administrator ("adminteamb"). 10. Create "New Job" with Job Name "TeamB-Project-1", type "Build a free-style software project". 11. In the Project Configuration page, select "Subversion" as the Source Code Management. 12. Input Repository URL "svn.mycompany.com/project-b". Review existing Credentials list. *Actual Behavior:* Credentials "TeamA-SVN-User" (belong to Team A) can be viewed and used by Team B, causing the Source Repository of Team A can be accessed by Team B without providing SCM password. (see screenshot: https://issues.jenkins-ci.org/secure/thumbnail/25588/_thumb_25588.png ) *Expected (improved) Behavior:* The ability for Jenkins Root Administrator to provide private Credentials to specific Group/Team. e.g. Credentials created by Team A, should be accessible only to members of Team A.

Stephen Dharma made changes - 2014-03-21 09:56

Component/s		New: credentials [ 16523 ]
Description	Original: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not seem to have any control on how to manage "Subversion Credentials" privileges for multiple teams. *Prerequisites:* - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View Job-Create)(Project Privileges, Pattern TeamA.*: Credentials-Create, Credentials-View, Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png ) - Role "Team-B-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View, Job-Create)(Project Privileges, Pattern "TeamB.*": Credentials-Create, Credentials-View, Job-all, Run-all). - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". - Team-B Administrator User Account (e.g. "adminteamb") with Role "Team-B-Administrators". - Subversion repository used by Team-A, (e.g. "svn.mycompany.com/project-a"), with SVN User Account "svnusera". - Subversion repository used by Team-B, (e.g. "svn.mycompany.com/project-b"), with SVN User Account "svnuserb". *Steps to reproduce issue:* 1. Login as Team-A Administrator ("adminteama"). 2. Create "New Job" with Job Name "TeamA-Project-1", type "Build a free-style software project". 3. In the Project Configuration page, select "Subversion" as the Source Code Management. 4. Input Repository URL "svn.mycompany.com/project-a". 5. Add Credentials,    - Kind: Username with password    - Scope: Global    - Username: svnusera    - Password: ******** (assume correct password used)    - Description: TeamA-SVN-User 6. Select the newly created Credentials "TeamA-SVN-User" (see screenshot: https://issues.jenkins-ci.org/secure/thumbnail/25587/_thumb_25587.png ). 7. Save Job. 8. Logout. 9. Login as Team-B Administrator ("adminteamb"). 10. Create "New Job" with Job Name "TeamB-Project-1", type "Build a free-style software project". 11. In the Project Configuration page, select "Subversion" as the Source Code Management. 12. Input Repository URL "svn.mycompany.com/project-b". Review existing Credentials list. *Actual Behavior:* Credentials "TeamA-SVN-User" (belong to Team A) can be viewed and used by Team B, causing the Source Repository of Team A can be accessed by Team B without providing SCM password. (see screenshot: https://issues.jenkins-ci.org/secure/thumbnail/25588/_thumb_25588.png ) *Expected (improved) Behavior:* The ability for Jenkins Root Administrator to provide private Credentials to specific Group/Team. e.g. Credentials created by Team A, should be accessible only to members of Team A.	New: Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not seem to have any control on how to manage "Subversion Credentials" privileges for multiple teams. *Prerequisites:* - Jenkins Credentials Plugin installed. - Jenkins Subversion Plugin installed. - Jenkins Role Strategy Plugin installed. - Access Control - Security Realm: "Jenkins’ own user database". - Access Control - Authorization: "Role-Based Strategy". - Role "admin" (Global Privileges: all). - Role "Team-A-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View Job-Create)(Project Privileges, Pattern TeamA.*: Credentials-Create, Credentials-View, Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png ) - Role "Team-B-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View, Job-Create)(Project Privileges, Pattern "TeamB.*": Credentials-Create, Credentials-View, Job-all, Run-all). - Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges). - Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators". - Team-B Administrator User Account (e.g. "adminteamb") with Role "Team-B-Administrators". - Subversion repository used by Team-A, (e.g. "svn.mycompany.com/project-a"), with SVN User Account "svnusera". - Subversion repository used by Team-B, (e.g. "svn.mycompany.com/project-b"), with SVN User Account "svnuserb". *Steps to reproduce issue:* # Login as Team-A Administrator ("adminteama"). # Create "New Job" with Job Name "TeamA-Project-1", type "Build a free-style software project". # In the Project Configuration page, select "Subversion" as the Source Code Management. # Input Repository URL "svn.mycompany.com/project-a". # Add Credentials,    - Kind: Username with password    - Scope: Global    - Username: svnusera    - Password: ******** (assume correct password used)    - Description: TeamA-SVN-User # Select the newly created Credentials "TeamA-SVN-User". (see screenshot: https://issues.jenkins-ci.org/secure/thumbnail/25587/_thumb_25587.png ) # Save Job. # Logout. # Login as Team-B Administrator ("adminteamb"). # Create "New Job" with Job Name "TeamB-Project-1", type "Build a free-style software project". # In the Project Configuration page, select "Subversion" as the Source Code Management. # Input Repository URL "svn.mycompany.com/project-b". Review existing Credentials list. *Actual Behavior:* Credentials "TeamA-SVN-User" (belong to Team A) can be viewed and used by Team B, causing the Source Repository of Team A can be accessed by Team B without providing SCM password. (see screenshot: https://issues.jenkins-ci.org/secure/thumbnail/25588/_thumb_25588.png ) *Expected (improved) Behavior:* The ability for Jenkins Root Administrator to provide private Credentials to specific Group/Team. e.g. Credentials created by Team A, should be accessible only to members of Team A.

Oleg Nenashev made changes - 2014-05-18 10:24

Assignee

Original: Oleg Nenashev [ oleg_nenashev ]

Jesse Glick made changes - 2014-10-06 13:21

Resolution		New: Not A Defect [ 7 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Load more newer history items