Hi,

      it would be great to hide the console output of a build from unauthorized users.
      We use the project based matrix security and in the console output are possible
      security informations output by hudson.
      For example we are using sonar to run quality checks and hudson (maybe the sonar
      plugin) prints the command line of the sonar build to the console. In this
      commandline are database access information like url, username and password.

      It would be great if the console could be hidden from users just like the
      workspace could.

          [JENKINS-3627] Add separate permission to view build logs

          Oleg Nenashev added a comment -

          The request stills actual

          Oleg Nenashev added a comment - The request stills actual

          Daniel Beck added a comment -

          FWIW printing passwords in plain text to the console log should never be done and can be considered a bug in the plugin if it still happens.

          Daniel Beck added a comment - FWIW printing passwords in plain text to the console log should never be done and can be considered a bug in the plugin if it still happens.

          Agreed, printing passwords in plain text to the console should not be done.

          On the other hand, the permission could also be useful to me: I allow anonymous builds and I would like to not display the trigger email at the end publicly.

          mess110 mess110 added a comment - Agreed, printing passwords in plain text to the console should not be done. On the other hand, the permission could also be useful to me: I allow anonymous builds and I would like to not display the trigger email at the end publicly.

          Would be nice to see this added. It'd be useful for for custom build scripts that have an API key or similar in.

          Nathan Rennie-Waldock added a comment - Would be nice to see this added. It'd be useful for for custom build scripts that have an API key or similar in.

          Mads Nielsen added a comment -

          This is a very nice feature that we could use. We have loads of reports that we do not want to show every developer. but we still want to put up a read-only view to just show the status.

          Mads Nielsen added a comment - This is a very nice feature that we could use. We have loads of reports that we do not want to show every developer. but we still want to put up a read-only view to just show the status.

          pjdarton added a comment -

          I've just found this issue after a "real-world lesson" in why console access should be more strongly secured than mere "general read access"...

          While I agree with danielbeck that a plugin exposing a password would be a bug in the plugin, bugs do happen and Jenkins' core security model should help mitigate this.
          More importantly, these days a lot of jobs will be using pipelines, and pipelines don't necessarily use plugins the way the plugin author intended, thus allowing mere "user error" to expose passwords in plain text by accident that a plugin cannot reasonably prevent. As a Jenkins administrator, I can't bugfix my users, so I need to be able to configure my Jenkins server so that such errors can't cause a big security issue.

          TL;DR: Jenkins allows us to secure access to the workspace as a separate permission - IMO console access should be similarly controllable and the lack of such control is a security weakness.

          pjdarton added a comment - I've just found this issue after a "real-world lesson" in why console access should be more strongly secured than mere "general read access"... While I agree with danielbeck that a plugin exposing a password would be a bug in the plugin, bugs do happen and Jenkins' core security model should help mitigate this. More importantly, these days a lot of jobs will be using pipelines, and pipelines don't necessarily use plugins the way the plugin author intended, thus allowing mere "user error" to expose passwords in plain text by accident that a plugin cannot reasonably prevent. As a Jenkins administrator, I can't bugfix my users, so I need to be able to configure my Jenkins server so that such errors can't cause a big security issue. TL;DR: Jenkins allows us to secure access to the workspace as a separate permission - IMO console access should be similarly controllable and the lack of such control is a security weakness.

          Larkoie added a comment -

          I'm also in need of this new feature. I've setup a few pipeline to perform various tasks for our team. When the pipeline executes a sh command it shows the whole command which sometimes contains paths or hosts information (IP address etc...)

          It would be great to allow us to disable the output view to users/groups of users.

          Larkoie added a comment - I'm also in need of this new feature. I've setup a few pipeline to perform various tasks for our team. When the pipeline executes a sh command it shows the whole command which sometimes contains paths or hosts information (IP address etc...) It would be great to allow us to disable the output view to users/groups of users.

          Ashish Kumar added a comment -

          Is this feature available or if any work around, please suggest?

          Ashish Kumar added a comment - Is this feature available or if any work around, please suggest?

          Tomasz Zdunek added a comment -

          Could anyone inform about plans for this feature?

          Are there any plans to implement it?

          Tomasz Zdunek added a comment - Could anyone inform about plans for this feature? Are there any plans to implement it?

          ASHOK MOHANTY added a comment -

          Hi, Any plan/ETA for this one, definitely it will be a great help.

          ASHOK MOHANTY added a comment - Hi, Any plan/ETA for this one, definitely it will be a great help.

            Unassigned Unassigned
            knisterpeter knisterpeter
            Votes:
            20 Vote for this issue
            Watchers:
            21 Start watching this issue

              Created:
              Updated: