[JENKINS-23722] Anonymous treated like "Everybody", not as just Anonymous

    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Major
    • Component: core
    • Platform: All, OS: All

      Probably renewal of bug https://issues.jenkins-ci.org/browse/JENKINS-2745

      Also I am using Role Strategy plugin https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin

      I need a global permission for the Anonymous user to see all jobs and download artifacts.
      For each Project Role group I want to have only jobs that are possible to edit, etc.

      So:
      Anonymous has Global overall read access and jobs read access.
      Authenticated user has only Global overall read + Project role access to all project pattern jobs.

      Expected:
      When not logged in all jobs readonly
      When logged in only configurable jobs are present

      Actual:
      When not logged in all jobs readonly
      When logged in all jobs are present

      No easy workaround is present.

          Oleg Nenashev added a comment -

          The behavior has been introduced by JENKINS-2745.
          Currently, this behavior is being widely used, so the fix won't be reverted.

          Do you want to see only configurable jobs in ListViews?
          If yes, you can just...
          1) Create a view with permission filters you need
          2) Make this view default in Jenkins global configuration

          Igor Pavlov added a comment - edited

          Do you want to see only configurable jobs in ListViews?
          If yes, you can just...
          1) Create a view with permission filters you need
          2) Make this view default in Jenkins global configuration

          I should have different default views for each Project role. I suppose that's not possible?

          For me, the Anonymous user is deanonymised when he's authorized.

          Why not add a special user?

          Probably the best solution here is to have 3 default users by behavior, then:
          1. Anonymous
          2. Everyone
          3. authenticated

          I understand the need for backward compatibility since 2008, so it's impossible to change the Anonymous and authenticated names.
          But probably it is possible to add a user for the real Anonymous case? Like this:
          1. notauthenticated → is really Anonymous
          2. Anonymous → is really Everyone
          3. authenticated → is really authenticated

          Igor Pavlov added a comment -

          Not sure if the name (notauthenticated) for the not-logged-in user that I've suggested is good, but I hope you get my point.

          Daniel Beck added a comment -

          I don't get the requirement here. It's not security, as users can just log out to get read access to all jobs.

          It looks more like a presentation issue, which should be solved by using View Job Filters plugin and a view with the User Permissions For Job filter.

          akostadinov added a comment -

          I see no point in removing permissions granted to Anonymous. If Anonymous has more permissions, then a user can just skip auth and have them. So what's the benefit of an authenticated user having fewer permissions than Anonymous?

          Daniel Beck added a comment -

          It's safe to expect we're not going to change this.

          Oleg Nenashev added a comment -

          agreed
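
The behaviour discussed in this thread, as a simplified model added here for illustration; it is not Jenkins or Role Strategy plugin code. The job names, the user `alice` and the `teamA-.*` pattern are constructed, and the rule that a logged-in request also carries the anonymous identity is taken from the thread's description of Anonymous acting as "Everybody".

```python
import re
from dataclasses import dataclass

ANONYMOUS = "anonymous"          # per the thread: effectively "everybody"
AUTHENTICATED = "authenticated"  # any logged-in user

@dataclass(frozen=True)
class Role:
    permissions: frozenset
    sids: frozenset
    pattern: str = ".*"          # global roles apply to every job

# Constructed configuration mirroring the reporter's setup.
ROLES = [
    Role(frozenset({"Overall/Read", "Job/Read"}), frozenset({ANONYMOUS})),
    Role(frozenset({"Overall/Read"}), frozenset({AUTHENTICATED})),
    Role(frozenset({"Job/Read", "Job/Configure", "Job/Build"}),
         frozenset({"alice"}), r"teamA-.*"),
]
JOBS = ["teamA-build", "teamA-deploy", "teamB-build", "infra-backup"]

def sids_for(user):
    """Identities a request carries; user=None means not logged in."""
    if user is None:
        return {ANONYMOUS}
    # Assumption from the thread: anonymous grants apply to everyone.
    return {user, AUTHENTICATED, ANONYMOUS}

def effective_permissions(user, job):
    """Union of the permissions of every role matching the user and the job."""
    sids = sids_for(user)
    granted = set()
    for role in ROLES:
        if role.sids & sids and re.fullmatch(role.pattern, job):
            granted |= role.permissions
    return granted

def visible_jobs(user):
    """Jobs the user can read, i.e. what an unfiltered view lists."""
    return [j for j in JOBS if "Job/Read" in effective_permissions(user, j)]

def filtered_view(user, required="Job/Configure"):
    """Workaround from the comments: a view that filters on a job permission."""
    return [j for j in JOBS if required in effective_permissions(user, j)]

if __name__ == "__main__":
    print("not logged in:", visible_jobs(None))
    print("alice, all jobs:", visible_jobs("alice"))
    print("alice, filtered:", filtered_view("alice"))
```

The filtered view changes presentation only: `alice` can still read every job, which is the distinction Daniel Beck draws between a security requirement and a display preference.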

            Assignee: Unassigned
            Reporter: Igor Pavlov (nwlunatic)