Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-3627

Add separate permission to view build logs

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Hi,

      it would be great to hide the console output of a build from unauthorized users.
      We use the project based matrix security and in the console output are possible
      security informations output by hudson.
      For example we are using sonar to run quality checks and hudson (maybe the sonar
      plugin) prints the command line of the sonar build to the console. In this
      commandline are database access information like url, username and password.

      It would be great if the console could be hidden from users just like the
      workspace could.

        Attachments

          Issue Links

            Activity

            Hide
            pjdarton pjdarton added a comment -

            I've just found this issue after a "real-world lesson" in why console access should be more strongly secured than mere "general read access"...

            While I agree with Daniel Beck that a plugin exposing a password would be a bug in the plugin, bugs do happen and Jenkins' core security model should help mitigate this.
            More importantly, these days a lot of jobs will be using pipelines, and pipelines don't necessarily use plugins the way the plugin author intended, thus allowing mere "user error" to expose passwords in plain text by accident that a plugin cannot reasonably prevent. As a Jenkins administrator, I can't bugfix my users, so I need to be able to configure my Jenkins server so that such errors can't cause a big security issue.

            TL;DR: Jenkins allows us to secure access to the workspace as a separate permission - IMO console access should be similarly controllable and the lack of such control is a security weakness.

            Show
            pjdarton pjdarton added a comment - I've just found this issue after a "real-world lesson" in why console access should be more strongly secured than mere "general read access"... While I agree with Daniel Beck that a plugin exposing a password would be a bug in the plugin, bugs do happen and Jenkins' core security model should help mitigate this. More importantly, these days a lot of jobs will be using pipelines, and pipelines don't necessarily use plugins the way the plugin author intended, thus allowing mere "user error" to expose passwords in plain text by accident that a plugin cannot reasonably prevent. As a Jenkins administrator, I can't bugfix my users, so I need to be able to configure my Jenkins server so that such errors can't cause a big security issue. TL;DR: Jenkins allows us to secure access to the workspace as a separate permission - IMO console access should be similarly controllable and the lack of such control is a security weakness.
            Hide
            larkoie Larkoie added a comment -

            I'm also in need of this new feature. I've setup a few pipeline to perform various tasks for our team. When the pipeline executes a sh command it shows the whole command which sometimes contains paths or hosts information (IP address etc...)

            It would be great to allow us to disable the output view to users/groups of users.

            Show
            larkoie Larkoie added a comment - I'm also in need of this new feature. I've setup a few pipeline to perform various tasks for our team. When the pipeline executes a sh command it shows the whole command which sometimes contains paths or hosts information (IP address etc...) It would be great to allow us to disable the output view to users/groups of users.
            Hide
            ashishkumar256 Ashish Kumar added a comment -

            Is this feature available or if any work around, please suggest?

            Show
            ashishkumar256 Ashish Kumar added a comment - Is this feature available or if any work around, please suggest?
            Hide
            tzdunek Tomasz Zdunek added a comment -

            Could anyone inform about plans for this feature?

            Are there any plans to implement it?

            Show
            tzdunek Tomasz Zdunek added a comment - Could anyone inform about plans for this feature? Are there any plans to implement it?
            Hide
            akmjenkins ASHOK MOHANTY added a comment -

            Hi, Any plan/ETA for this one, definitely it will be a great help.

            Show
            akmjenkins ASHOK MOHANTY added a comment - Hi, Any plan/ETA for this one, definitely it will be a great help.

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              knisterpeter knisterpeter
              Votes:
              20 Vote for this issue
              Watchers:
              21 Start watching this issue

                Dates

                Created:
                Updated: