Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34546

Access Denied missing Job/Create Permission on New Item within Folder

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • Vanilla installation of Jenkins 1.651.1 (LTS) on Linux with up to date plugins (folder plugin at 5.9)

      When ACLs are enabled, users with full privileges on a folder receiving Access Denied when trying to create a New Item within a folder. It only occurs during the AJAX validation of Item Name. It does not prevent clicking OK and actually creating the new item.

      It appears the regression was introduced in 5.6. I think it is related to the changes to use the standard new page in this pull request: https://github.com/jenkinsci/cloudbees-folder-plugin/pull/48

      Reproducer:

      • Install Jenkins 1.651.1 (LTS)
      • Install folder plugin (5.9)
      • In "Configure Global Security"
        • Enable "Jenkin's own user database with sign up" in "Configure Global Security"
        • Save
      • Create a user account (bheiskell) and log in
      • In "Configure Global Security"
        • Enable "Project-based Matrix Authorization Strategy"
        • Add created user account (bheiskell) with full permissions
        • Check Overall read permission for Anonymous
      • Create new folder (Folder)
        • Enable project-based security
        • Add user account (jsmith) to folder with full privileges
      • Logout and create a new account (jsmith)
      • Click New Item within the folder
        • Type anything in the "Item Name" field

          [JENKINS-34546] Access Denied missing Job/Create Permission on New Item within Folder

          Same problem here : Jenkins 1.642.2 and Folder Plugin 5.9 (also in 5.7).
          Problem is pretty annoying as users tend to provide a name before the actually make their choice on the kind of item.
          This gives them the message before they actually see they can click OK, so they think they actually miss the necessary permissions.

          Peter Willekens added a comment - Same problem here : Jenkins 1.642.2 and Folder Plugin 5.9 (also in 5.7). Problem is pretty annoying as users tend to provide a name before the actually make their choice on the kind of item. This gives them the message before they actually see they can click OK, so they think they actually miss the necessary permissions.

          Confirmed problem started in version 5.6.
          Reverted to 5.5 and all works fine.

          Tried version 5.12 in our test environment and the problem still persists.

          This problem is keeping me from upgrading this plugin.

          Peter Willekens added a comment - Confirmed problem started in version 5.6. Reverted to 5.5 and all works fine. Tried version 5.12 in our test environment and the problem still persists. This problem is keeping me from upgrading this plugin.

          Jesse Glick added a comment -

          Harmless, and solved in Jenkins 2.0.

          Jesse Glick added a comment - Harmless, and solved in Jenkins 2.0.

          Ian Williams added a comment -

          Sorry, when supporting over 500 developers who are "self-serve" in terms of creating and managing their own Jenkins jobs, totalling over 4000 active jobs, it's not "harmless". The support questions arising out of this error message are continuous. Further, there is a degree of internal training and documentation which need to be updated before we can migrate to an LTS 2.x version, which will prolong this pain point.

          Respectfully request if a further 1.x LTS version is required, the "fix" be backfilled.

          Ian Williams added a comment - Sorry, when supporting over 500 developers who are "self-serve" in terms of creating and managing their own Jenkins jobs, totalling over 4000 active jobs, it's not "harmless". The support questions arising out of this error message are continuous. Further, there is a degree of internal training and documentation which need to be updated before we can migrate to an LTS 2.x version, which will prolong this pain point. Respectfully request if a further 1.x LTS version is required, the "fix" be backfilled.

          Ian Williams added a comment -

          Sorry, when supporting over 500 developers who are "self-serve" in terms of creating and managing their own Jenkins jobs, totalling over 4000 active jobs, it's not "harmless". The support questions arising out of this error message are continuous. Further, there is a degree of internal training and documentation which need to be updated before we can migrate to an LTS 2.x version, which will prolong this pain point.

          Respectfully request if a further 1.x LTS version is required, the "fix" be backfilled.

          Ian Williams added a comment - Sorry, when supporting over 500 developers who are "self-serve" in terms of creating and managing their own Jenkins jobs, totalling over 4000 active jobs, it's not "harmless". The support questions arising out of this error message are continuous. Further, there is a degree of internal training and documentation which need to be updated before we can migrate to an LTS 2.x version, which will prolong this pain point. Respectfully request if a further 1.x LTS version is required, the "fix" be backfilled.

            jglick Jesse Glick
            bheiskell Benjamin Heiskell
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: