Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-30495

Add 'authenticated' user group to the Matrix UI

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • matrix-auth-plugin
    • None
    • Jenkins ver. 1.609.2

      In a nutshell: it'd be nice if the jelly script that generates the matrix ui element included a row for the 'authenticated' user group in addition to the anonymous user. (I'd even go so far as to advocate replacing 'anonymous' with 'authenticated' as the lone persistent row of the matrix, but that's a bit opinionated.)

      My reasoning for this is simple: in my org many teams have jenkins projects that don't require strict authentication. Sometimes these teams would like to allow anyone in the organization to be able to configure a project, simply because the potential security impact of opening up the project's configs is so low compared to the inconvenience of having to maintain valid auth settings for it. To do this, most users simply give configure privleges to anonymous, because it's there and it gets the job done. Most of them don't realize that 'anonymous' includes non-logged in users, thus opening up their jobs to users who aren't even authenticated. 99% of them don't even know that the 'authenticated' user group exists, let alone that it's probably what they want to use here. I'm sure I'm not alone in this, and simply informing users that there even is an 'authenticated' user while simultaneously giving them an easy way to use it should hopefully eliminate this ignorance.

      This is probably like a 3 line change in GlobalMatrixAuthorizationStrategy/config.jelly from what I can tell.

          [JENKINS-30495] Add 'authenticated' user group to the Matrix UI

          Rob Platt added a comment - - edited

          +1

          Given that adding the row works (I tested with builtin DB security) it is just the view/initial matrix that needs changing. It's only through trawling the internet that I figured out I could use this special "authenticated" SID, and that it wasn't an LDAP group. I suspect there are people out there thinking this isn't possible and going through a hassle setting up permissions on every user. It is a usability thing. I suspect that JENKINS-13029 was created because this feature wasn't visible to the user.

          Resolving this may reduce the amount of queries/stackoverflow/questions and is especially relevant for working around JENKINS-28132.

          Rob Platt added a comment - - edited +1 Given that adding the row works (I tested with builtin DB security) it is just the view/initial matrix that needs changing. It's only through trawling the internet that I figured out I could use this special "authenticated" SID, and that it wasn't an LDAP group. I suspect there are people out there thinking this isn't possible and going through a hassle setting up permissions on every user. It is a usability thing. I suspect that JENKINS-13029 was created because this feature wasn't visible to the user. Resolving this may reduce the amount of queries/stackoverflow/questions and is especially relevant for working around JENKINS-28132 .

          Daniel Beck added a comment -

          Resolved towards matrix-auth 1.8.

          Daniel Beck added a comment - Resolved towards matrix-auth 1.8.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Beck
          Path:
          src/main/resources/hudson/security/GlobalMatrixAuthorizationStrategy/config.jelly
          http://jenkins-ci.org/commit/matrix-auth-plugin/acdf0e1db5cffdcaab08047c34fb95c90f06bec7
          Log:
          JENKINS-30495 Improve 'authenticated' and 'anonymous' rows

          • Always show 'authenticated' row to make it discoverable
          • Use group icons and friendly localizable labels for both
          • Show them on top so additions are to the bottom
          • Prevent duplicate rows showing up for both

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: src/main/resources/hudson/security/GlobalMatrixAuthorizationStrategy/config.jelly http://jenkins-ci.org/commit/matrix-auth-plugin/acdf0e1db5cffdcaab08047c34fb95c90f06bec7 Log: JENKINS-30495 Improve 'authenticated' and 'anonymous' rows Always show 'authenticated' row to make it discoverable Use group icons and friendly localizable labels for both Show them on top so additions are to the bottom Prevent duplicate rows showing up for both

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Beck
          Path:
          src/main/resources/hudson/security/GlobalMatrixAuthorizationStrategy/config.jelly
          http://jenkins-ci.org/commit/matrix-auth-plugin/e176920719a6631c0dfde9be8cc2de08b17b7ce6
          Log:
          Merge pull request #29 from daniel-beck/JENKINS-30495

          JENKINS-30495 Improve 'authenticated' and 'anonymous' rows

          Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/cb0f58300f02...e176920719a6

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: src/main/resources/hudson/security/GlobalMatrixAuthorizationStrategy/config.jelly http://jenkins-ci.org/commit/matrix-auth-plugin/e176920719a6631c0dfde9be8cc2de08b17b7ce6 Log: Merge pull request #29 from daniel-beck/ JENKINS-30495 JENKINS-30495 Improve 'authenticated' and 'anonymous' rows Compare: https://github.com/jenkinsci/matrix-auth-plugin/compare/cb0f58300f02...e176920719a6

            danielbeck Daniel Beck
            christek91 Christopher Miller
            Votes:
            4 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: