-
New Feature
-
Resolution: Fixed
-
Major
Due to security reasons, sometimes Jenkins admins may want to completely restrict running jobs as a system/anonymous and setup custom security limitations. In such case it would be useful to add the following features:
- Global default strategy (if no one configured at the project level)
- Enforced global strategy, which prevents setting other strategies on the project level
- duplicates
-
JENKINS-22949 QueueItemAuthenticator fallback behavior cleanup
-
- Resolved
-
- is related to
-
JENKINS-22949 QueueItemAuthenticator fallback behavior cleanup
-
- Resolved
-
-
JENKINS-32770 Provide a mechanism to run specific projects as ACL.SYSTEM
-
- Closed
-
I think the motivation here is misstated. If you have configured the ProjectQueueItemAuthenticator, then if any project lacks an AuthorizeProjectProperty, it will be given no authentication, and callers of Tasks.getDefaultAuthenticationOf are obliged to treat this condition as if the associated authentication were ACL.ANONYMOUS (cf.
JENKINS-22949), so there is no security risk in a particular project being unconfigured—it merely will not be able to do anything requiring special permissions.