Jenkins / JENKINS-38219

Restrict Job.CONFIGURE permissions by plugins


      Description

      The authorize-project plugin can easily cause security issues like the following situation:

      • User A configured a project X run as user A.
      • User B updates the configuration of project B.
      • User B can do something with the authentication of user A.

      authorize-project avoids this problem by raising an exception when user B tries to configure project A.
      But this has the following problems:

      • Raising an exception isn't the "proper" way to forbid configuration.
        • It might not work in some cases or in a future version of Jenkins.
      • Users have to configure the project again from the beginning if it is rejected by the authorize-project plugin. It isn't user-friendly.
      • There are several ways to configure projects: Web UI, REST Web API, CLI. authorize-project has to cover all configuration methods.

      I believe the "proper" way to forbid a user to configure a project is to revoke the Job.CONFIGURE permission for that project from that user.

      Then what I need is a mechanism for plugins to restrict Job.CONFIGURE permissions.

          Activity

          ikedam ikedam added a comment -

          Macro support in role-strategy-plugin might be helpful for this feature.

          jglick Jesse Glick added a comment -

          Sounds like you need JENKINS-32596 but I am not sure I follow the use case here.


            People

            Assignee:
            ikedam ikedam
            Reporter:
            ikedam ikedam