Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-29638

Build promotion will allow running of a job a user doesn't have permission to start

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: promoted-builds-plugin
    • Labels:
    • Environment:
      Jenkins 1.609.1, promoted builds 2.21, Matrix Authorization Strategy 1.2, Parameterized Trigger 2.27, CloudBees Folders 4.9
    • Similar Issues:

      Description

      I have two jobs, Folder/job1 and Folder/job2. A promotion process is defined on Folder/job1 which requires manual approval by User; the promotion process specifies 'Trigger/call builds on other projects' to run Folder/job2 with the 'block until finished' option selected.

      User is a global administrator with all permissions granted, but Folder/job2 has project-based security which overrides the global matrix and specifies that User does not have the 'build' permission, i.e. the checkbox is clear. When visiting the job page for Folder/job2, User is not given an option to build. However, if User clicks the promote button on Folder/job1, Folder/job2 builds.

      I think that in this scenario the promotion process should fail.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            wsaxon Will Saxon
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated: