-
Improvement
-
Resolution: Won't Do
-
Major
-
None
It is not possible to access the Plugin Manager without Administer permission.
I want to create a user that must be able to update plugins. However, this user should not be able to:
- Manage Jenkins
- Upload Plugins (in the Advanced Tab)
- Configure the Update Center (in the Advanced Tab)
Permissions to revoke in order to achieve that are:
- Administer to restrict access to Manager Jenkins
- ConfigureUpdateCenter and UploadPlugin to restrict access to the Advanced Tab
However we cannot make it work because a user without Administer permission cannot access to the Plugin Manager.
- is related to
-
JENKINS-21336 ADMINISTER should not imply RUN_SCRIPTS
-
- In Progress
-
- links to
[JENKINS-32289] RFE - Access to Plugins Manager in without Administer permission
This makes absolutely no sense. If someone can upload plugins, they can give themselves Administer permission by writing and uploading give-me-admin-permission plugin.
Removed the assignment since it is not a Role Strategy issue. IMHO it is also "won't fix", but needs a decision from the security team. CC danielbeck