• Type: Improvement
• Resolution: Unresolved
• Priority: Minor
• Component/s: core
• Labels:

  • artifact-download
  • permissions

[JENKINS-47968] Allow downloading artifacts without anything else

Joachim Mairböck created issue - 2017-11-13 12:16

Joachim Mairböck made changes - 2017-11-13 12:18

Description

Original: I would like to configure a job so that some users are only allowed to download artifacts from it but not see anything else, especially not the changes recorded by the SCM plugins (git or svn) and test results. In short, I want the opposite of what not granting the Artifacts permission does, if that is enabled. When not giving a user the Read permission for the job, they don't see the job at all, despite having the Discover (and Artifact) permission. The Discover permission doesn't seem to do anything on its own for autheticated users.

New: I would like to configure a job so that some users are only allowed to download artifacts from it but not see anything else, especially not the changes recorded by the SCM plugins (git or svn) and test results. In short, I want the opposite of what not granting the Artifacts permission does, if that is enabled. When not giving a user the Read permission for the job, they don't see the job at all, despite having the Discover (and Artifact) permission. The Discover permission doesn't seem to do anything on its own for authenticated users.

Collapse comment: Daniel Beck added a comment - 2017-11-20 21:55

Daniel Beck added a comment - 2017-11-20 21:55

I doubt this will ever be implemented, and recommend going with an external artifact distribution mechanism instead.

Expand comment: Daniel Beck added a comment - 2017-11-20 21:55

Daniel Beck added a comment - 2017-11-20 21:55 I doubt this will ever be implemented, and recommend going with an external artifact distribution mechanism instead.

Collapse comment: Joachim Mairböck added a comment - 2017-11-21 08:07

Joachim Mairböck added a comment - 2017-11-21 08:07

I would have expected that users which have the Discover and Artifacts permission, but not the Read Permission on a Job, to be able to see the job in the overview and download artifacts from it. The permissions which should support this are already there, there is no need for a new permission, imho.

Expand comment: Joachim Mairböck added a comment - 2017-11-21 08:07

Joachim Mairböck added a comment - 2017-11-21 08:07 I would have expected that users which have the Discover and Artifacts permission, but not the Read Permission on a Job, to be able to see the job in the overview and download artifacts from it. The permissions which should support this are already there, there is no need for a new permission, imho.

Collapse comment: Daniel Beck added a comment - 2017-11-21 10:26

Daniel Beck added a comment - 2017-11-21 10:26

That's not what Discover does – it's a terrible approach to solving the problem of wanting to allow anon users with Overall/Read to log in to access an inaccessible job without giving them the generic 404 Not Found page. Basically, if we served user-friendly error pages that include a login link, there'd not be a use case left for this permission.

Expand comment: Daniel Beck added a comment - 2017-11-21 10:26

Daniel Beck added a comment - 2017-11-21 10:26 That's not what Discover does – it's a terrible approach to solving the problem of wanting to allow anon users with Overall/Read to log in to access an inaccessible job without giving them the generic 404 Not Found page. Basically, if we served user-friendly error pages that include a login link, there'd not be a use case left for this permission.