  1. Jenkins
  2. JENKINS-29638

Build promotion will allow running of a job a user doesn't have permission to start

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: promoted-builds-plugin
    • Labels:
    • Environment:
      Jenkins 1.609.1, promoted builds 2.21, Matrix Authorization Strategy 1.2, Parameterized Trigger 2.27, CloudBees Folders 4.9

      Description

      I have two jobs, Folder/job1 and Folder/job2. A promotion process is defined on Folder/job1 which requires manual approval by User; the promotion process specifies 'Trigger/call builds on other projects' to run Folder/job2 with the 'block until finished' option selected.

      User is a global administrator with all permissions granted, but Folder/job2 has project-based security which overrides the global matrix and specifies that User does not have the 'build' permission, i.e. the checkbox is clear. When visiting the job page for Folder/job2, User is not given an option to build. However, if User clicks the promote button on Folder/job1, Folder/job2 builds.

      I think that in this scenario the promotion process should fail.
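The scenario in the report, as an added example that is not part of the original issue and is not Jenkins or plugin code: a small Python model of the two jobs in which the promotion trigger either skips or applies the approver's build check on the downstream job. All class, function and permission names are constructed for illustration, and the override behaviour of the project matrix follows the report's description.

```python
# Constructed model of the reported scenario; not Jenkins or plugin code.
from dataclasses import dataclass, field
from typing import Optional

BUILD, PROMOTE = "build", "promote"  # illustrative permission names
GLOBAL_MATRIX = {"User": {BUILD, PROMOTE}}  # User has everything globally


@dataclass
class Job:
    name: str
    # Per the report, a project-based matrix overrides the global one.
    project_matrix: Optional[dict] = None
    builds: list = field(default_factory=list)


def has_permission(user, job, perm):
    matrix = GLOBAL_MATRIX if job.project_matrix is None else job.project_matrix
    return perm in matrix.get(user, set())


def build_from_job_page(user, job):
    if not has_permission(user, job, BUILD):
        raise PermissionError(f"{user} lacks build on {job.name}")
    job.builds.append(f"started by {user}")


def promote(approver, upstream, downstream, check_downstream):
    if not has_permission(approver, upstream, PROMOTE):
        raise PermissionError(f"{approver} may not promote {upstream.name}")
    # Hardened path: evaluate the approver's rights on the triggered job too.
    if check_downstream and not has_permission(approver, downstream, BUILD):
        raise PermissionError(f"promotion failed: no build on {downstream.name}")
    downstream.builds.append(f"triggered by promotion, approved by {approver}")


def scenario(check_downstream):
    job1 = Job("Folder/job1")
    job2 = Job("Folder/job2", project_matrix={"User": set()})  # build box clear
    outcome = {}
    for label, action in (
        ("job page", lambda: build_from_job_page("User", job2)),
        ("promotion", lambda: promote("User", job1, job2, check_downstream)),
    ):
        try:
            action()
            outcome[label] = "ran"
        except PermissionError:
            outcome[label] = "denied"
    return outcome, len(job2.builds)
```

`scenario(False)` reproduces the reported behaviour (job page denied, promotion builds Folder/job2); `scenario(True)` gives the outcome the reporter expects, with the promotion failing and no build recorded.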

          Activity

          wsaxon Will Saxon created issue -
          jglick Jesse Glick made changes -
          Field Original Value New Value
          Component/s parameterized-trigger-plugin [ 15592 ]
          Component/s matrix-auth-plugin [ 18131 ]
          jglick Jesse Glick made changes -
          Labels plugins promotion security permission
          jglick Jesse Glick made changes -
          Assignee Jesse Glick [ jglick ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 164615 ] JNJira + In-Review [ 181651 ]

            People

            Assignee:
            Unassigned
            Reporter:
            wsaxon Will Saxon
            Votes:
            0
            Watchers:
            5

              Dates

              Created:
              Updated: