SCM/JIRA link daemon added a comment - 2018-02-26 14:34 Code changed in jenkins User: Oleg Nenashev Path: CHANGELOG.md http://jenkins-ci.org/commit/ownership-plugin/5829e72f07434090286933830c0056dc99db7309 Log: Changelog: Noting 0.12.0 with SECURITY-498 fix and the JENKINS-49744 regression

Andrew Barnish added a comment - 2018-03-06 19:12 We are seeing the same problem when copying a job using Jenkins Web interface as we get a stack trace for users who have manage ownership but no admin permission. the stacktrace includes messages like: Caused: com.thoughtworks.xstream.converters.reflection.ObjectAccessException: Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : <USER> is missing the Overall/Administer permission I can provide the full stacktrace if necessary.

Oleg Nenashev added a comment - 2018-03-06 19:16 will try to ship it

Devin Nusbaum added a comment - 2018-03-06 19:18 barnish To confirm, you are only seeing the error when users attempt to configure folders, but not jobs or nodes, right?

Andrew Barnish added a comment - 2018-03-07 09:09 It happens when copying a job (within a folder) to a new job in a folder. The new job gets created but the configuration is not copied over correctly. It is not preventing users from configuring existing jobs. We have not tried node configuration.  

Filipe Rocha Nogueira added a comment - 2018-03-23 12:50 I have the same problem when copying a job to a new job.

Alexander Ukhanov added a comment - 2018-03-27 14:57 Same problem with copying job from web-interface

Andrew Barnish added a comment - 2018-04-10 21:17 oleg_nenashev , is there any progress with this issue? Do you require any further information to help with the debug?

Oleg Nenashev added a comment - 2018-04-15 09:29 Working on it, sorry for the delay

Oleg Nenashev added a comment - 2018-04-19 18:57 I am going to ship https://github.com/jenkinsci/ownership-plugin/pull/73 by the weekend. Meanwhile you can take https://ci.jenkins.io/job/Plugins/job/ownership-plugin/job/PR-73/2/artifact/target/ownership.hpi and try it out

Régis Maura added a comment - 2018-04-20 13:03 Hello Oleg, Thank you for working on this issue. I have been rolling back to previous version of Job and Node Ownership plugin, and now I test your snapshot version displayed as "Job and Node ownership plugin 0.12.1-SNAPSHOT (private-408385f7-jenkins)" and maven ID "com.synopsys.jenkinsci:ownership:0.12.1-SNAPSHOT" Unfortunately, non-admin users are still facing an exception report while duplicating job they own. On server side, here are the logs: avr. 20, 2018 2:40:57 PM com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription checkUnsecuredConfiguration AVERTISSEMENT: Cannot locate OwnershipHelperClass for object hudson.model.AllView@e898c9[user/j_ser/my-views/view/Tous/]. Jenkins.ADMINISTER permissions will be required to change ownership avr. 20, 2018 2:40:57 PM org.eclipse.jetty.server.handler.ContextHandler$Context log AVERTISSEMENT: Error while serving http://topvm09.sesame.infotel.com:8080/user/j_ser/my-views/view/Tous/createItem java.lang.reflect.InvocationTargetException at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:347) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.MetaClass$10.dispatch(MetaClass.java:374) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:237) at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:214) at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88) at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:114) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:64) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:564) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128) at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: java.io.IOException: Unable to read C:\dev\programmes\Jenkins\jobs\PACAT_AIRPLAN_Delivery_test\config.xml at hudson.XmlFile.read(XmlFile.java:149) at hudson.model.Items.load(Items.java:371) at hudson.model.ItemGroupMixIn$3.call(ItemGroupMixIn.java:248) at hudson.model.ItemGroupMixIn$3.call(ItemGroupMixIn.java:246) at hudson.model.Items.whileUpdatingByXml(Items.java:135) at hudson.model.ItemGroupMixIn.copy(ItemGroupMixIn.java:246) at hudson.model.ItemGroupMixIn.createTopLevelItem(ItemGroupMixIn.java:186) at jenkins.model.Jenkins.doCreateItem(Jenkins.java:3817) at jenkins.model.Jenkins.doCreateItem(Jenkins.java:302) at hudson.model.AllView.doCreateItem(AllView.java:99) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) ... 90 more Caused by: jenkins.util.xstream.CriticalXStreamException: Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission ---- Debugging information ---- message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission cause-exception : com.thoughtworks.xstream.converters.reflection.ObjectAccessException cause-message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission class : com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription required-type : com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription converter-type : hudson.util.RobustReflectionConverter path : /project/properties/com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerJobProperty/ownership line number : 55 ------------------------------- : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission ---- Debugging information ---- message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission cause-exception : com.thoughtworks.xstream.converters.reflection.ObjectAccessException cause-message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission class : com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription required-type : com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription converter-type : hudson.util.RobustReflectionConverter path : /project/properties/com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerJobProperty/ownership line number : 55 ------------------------------- message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission ---- Debugging information ---- message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission cause-exception : com.thoughtworks.xstream.converters.reflection.ObjectAccessException cause-message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission class : com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription required-type : com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription converter-type : hudson.util.RobustReflectionConverter path : /project/properties/com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerJobProperty/ownership line number : 55 ------------------------------- cause-exception : com.thoughtworks.xstream.converters.ConversionException cause-message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission class : com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerJobProperty required-type : com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription converter-type : hudson.util.RobustReflectionConverter path : /project/properties/com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerJobProperty/ownership line number : 55 class[1] : hudson.util.CopyOnWriteList converter-type[1] : hudson.util.XStream2$AssociatedConverterImpl class[2] : hudson.model.FreeStyleProject version : not available ------------------------------- at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:356) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:270) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.readItem(AbstractCollectionConverter.java:71) at hudson.util.CopyOnWriteList$ConverterImpl.unmarshal(CopyOnWriteList.java:197) at hudson.util.CopyOnWriteList$ConverterImpl.unmarshal(CopyOnWriteList.java:176) at hudson.util.XStream2$AssociatedConverterImpl.unmarshal(XStream2.java:465) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:393) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:331) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:270) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134) at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32) at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1189) at hudson.util.XStream2.unmarshal(XStream2.java:160) at hudson.util.XStream2.unmarshal(XStream2.java:131) at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1173) at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1053) at hudson.XmlFile.read(XmlFile.java:147) ... 101 more Caused by: com.thoughtworks.xstream.converters.ConversionException: Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission ---- Debugging information ---- message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission cause-exception : com.thoughtworks.xstream.converters.reflection.ObjectAccessException cause-message : Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission class : com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription required-type : com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription converter-type : hudson.util.RobustReflectionConverter path : /project/properties/com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerJobProperty/ownership line number : 55 ------------------------------- at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:79) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:393) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:331) ... 128 more Caused by: com.thoughtworks.xstream.converters.reflection.ObjectAccessException: Could not call com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve() : Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission at com.thoughtworks.xstream.converters.reflection.SerializationMethodInvoker.callReadResolve(SerializationMethodInvoker.java:72) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:271) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) ... 132 more Caused by: java.io.InvalidObjectException: Cannot modify permissions of Jenkins of type class hudson.model.Hudson: j_ser is missing the Global/Administer permission at com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.throwIfMissingPermission(OwnershipDescription.java:434) at com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.checkUnsecuredConfiguration(OwnershipDescription.java:419) at com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.readResolve(OwnershipDescription.java:382) at sun.reflect.GeneratedMethodAccessor70.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.thoughtworks.xstream.converters.reflection.SerializationMethodInvoker.callReadResolve(SerializationMethodInvoker.java:66) ... 134 more Suppressed: hudson.security.AccessDeniedException2: j_ser is missing the Global/Administer permission at hudson.security.ACL.checkPermission(ACL.java:73) at hudson.security.AccessControlled.checkPermission(AccessControlled.java:47) at com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription.throwIfMissingPermission(OwnershipDescription.java:424) ... 140 more Please note that we are on Jenkins 2.114

Oleg Nenashev added a comment - 2018-04-20 13:07 rmaura thanks for the feedback! I will do more testing of it

Régis Maura added a comment - 2018-04-20 13:47 - edited I have updated Jenkins to 2.117 but still have the issue. I found that it may be related to Folder plugin too. When I copy a job from a folder to the same folder , there is no error. In this case, I am the owner of both the folder and the original job. I'm also set as owner of the copy job. So this scenario is : from URL http://jenkins/job/FOLDER_NAME/ New Item --> job name = MY_JOB_IN_FOLDER_COPY / copy from = MY_JOB_IN_FOLDER => Copy is OK When I copy a job from a folder to root , I get the error. In this case, the scenario is: from URL : http://jenkins/job/ New item --> job name = MY_JOB_ROOT_COPY / copy from = FOLDER_NAME /MY_JOB_IN_FOLDER => Copy fails When I copy a job from a root to root , I get the error. In this case, the scenario is: from URL : http://jenkins/job/ New item --> job name = MY_JOB_IN_ROOT_COPY / copy from = MY_JOB_IN_ROOT => Copy fails When I copy a job from root to a subfolder , there is no error. In this case, the scenario is: from URL : http://jenkins/job/FOLDER_NAME/ New item --> job name = MY_JOB_IN_FOLDER2 / copy from = .. /MY_JOB_IN_ROOT => Copy is OK I don't know if this is the use of both ownership and folder plugins, but it seems that only copy of job in root folder is causing issue. Note that users can still create new job in root folder without errors. Hope this help

SCM/JIRA link daemon added a comment - 2018-04-30 19:39 Code changed in jenkins User: Oleg Nenashev Path: src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobPropertyTest.java src/test/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodePropertyTest.java http://jenkins-ci.org/commit/ownership-plugin/a5136e7ec830b40999cd320f322748ac801874bc Log: JENKINS-49744 - Annotate test methods created by @dwnusbaum

SCM/JIRA link daemon added a comment - 2018-04-30 19:39 Code changed in jenkins User: Oleg Nenashev Path: src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescription.java http://jenkins-ci.org/commit/ownership-plugin/bcc2c27aae247a8359a74c639eba54976a416be4 Log: JENKINS-49744 - Improve diagnostics messages when permission is missing

SCM/JIRA link daemon added a comment - 2018-04-30 19:39 Code changed in jenkins User: Oleg Nenashev Path: src/test/java/org/jenkinsci/plugins/ownership/folders/FolderOwnershipPropertyTest.java http://jenkins-ci.org/commit/ownership-plugin/1f3d3846e50c2d994e99aa7eee485195e143862f Log: JENKINS-49744 - Add tests for FolderOwnership job property

SCM/JIRA link daemon added a comment - 2018-04-30 19:39 Code changed in jenkins User: Oleg Nenashev Path: src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescription.java src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerHelper.java src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/ComputerOwnerHelper.java src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerHelper.java src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerPropertyHelper.java src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/AbstractOwnershipHelper.java src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipHelper.java src/main/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipHelper.java src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobPropertyTest.java src/test/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodePropertyTest.java src/test/java/org/jenkinsci/plugins/ownership/folders/FolderOwnershipPropertyTest.java http://jenkins-ci.org/commit/ownership-plugin/cb26e15b7b3d79da413b4c92deaf59b074f2a349 Log: Merge pull request #73 from oleg-nenashev/ JENKINS-49744 JENKINS-49744 - Generalize permission checks via Ownership Helpers to support folders Compare: https://github.com/jenkinsci/ownership-plugin/compare/63d071ccf7d7...cb26e15b7b3d

Oleg Nenashev added a comment - 2018-04-30 20:36 rmaura I am releasing what I have for this issue now. It is not a fix for the regression you reported, will follow-up on that separately.

Oleg Nenashev added a comment - 2018-04-30 21:18 Some bits have been released in 0.12.1. I am going to also address createItem() somehow, but it's not trivial

Michael Vincent added a comment - 2018-08-24 19:52 FYI, I had to roll back to 0.11 to work around the createItem() issue. Hopefully it can be resolved soon 

Florian RUYNAT added a comment - 2019-10-07 15:47 oleg_nenashev Also bumping this issue back in your list if not already in it

Deepak added a comment - 2021-01-01 14:01 oleg_nenashev  More than a year since the last comment on this issue, I can confirm that this issue still exists. Please let me know if you or anyone is working on this ?

Oleg Nenashev added a comment - 2021-01-01 14:54 My apologies, I have updated the issue status. Unfortunately I have been unable to work on the plugin recently. My apologies for this issue and for the fact it has not been fixed yet.  

Greg added a comment - 2021-08-27 17:27 Thanks for creating this plugin oleg_nenashev . It's been very useful Previously I had no issue just using the older ownership plugin release (0.11.0) to fix the copying jobs problem, but in newer versions of jenkins (2.289.4+), that version of the plugin now breaks the UI under the Manage Jenkins section.  Is this something that you think might get fixed? And if not, is there anything I can do to help contribute? Based on the comments, it sounded like you were aware what was causing the problem, but just didnt have time to work on it. Maybe you have some notes I can use to try to solve it?