-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
When a restricted user is configured to only have permissions on a select number of projects he can still see delivery pipeline views (although empty) for other projects.
Broken in Jenkins 1.656, delivery-pipeline-plugin 0.9.9
This behavior broke somewhere after 0.9.5 of the delivery-pipeline-plugin.
To reproduce:
- In global security configure project-based matrix authorization
- Remove all permissions on the anonymous role
- Add a test user and give him overall -> read permission and no other permissions
- Configure a delivery pipeline with one or two projects under it
- Note that the test user cannot see these projects
- Note that the test user can see the delivery pipeline view while he should not
[JENKINS-34493] Delivery pipeline view shows even when the user doesn't have permissions on underlying projects
Workflow | Original: JNJira [ 170621 ] | New: JNJira + In-Review [ 183978 ] |
Priority | Original: Critical [ 2 ] | New: Minor [ 4 ] |
Issue Type | Original: Bug [ 1 ] | New: Improvement [ 4 ] |