Details
Bug
Status: Closed
Blocker
Resolution: Cannot Reproduce
Jenkins 2.189
LDAP
Description
We have a folder with projects inside which have `project-based security` enabled and the Inheritance Strategy is set to `Inherit from parent`. The folder's permissions are:
In the screenshot above I've added `myname-noaccess` just to illustrate the group permissions - in reality it is missing in the configuration.
The problem is that the users from the `myname-noaccess` group, although not configured anywhere, are able to see all of the projects within the folder. While trying to figure out the issue, I noticed that `myname-noaccess` users actually have the same permissions as the `myname` group, and once I removed it, the folder and projects inside stopped appearing for `myname-noaccess`.
I believe there might be an issue with how the permissions are being detected - most likely there is a wildcard somewhere.
The temporary fix is to rename the `myname` group to something like `myname-core`.
stodorov Is this still a problem?
My best guess is something is weird about the group memberships, and I would have affected users go to the /whoAmI URL to see what groups they're a member of.
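
An added example, not part of the original ticket or of Jenkins itself: a small check that separates the two explanations raised above, by comparing the groups a user reports at /whoAmI with the groups granted on the folder. The JSON shape (an `authorities` list as returned by `/whoAmI/api/json`), the user name and the permission names are assumptions, and all sample data is constructed.

```python
import json

# Constructed sample: assumed shape of /whoAmI/api/json for one affected user.
WHOAMI_SAMPLE = json.dumps({
    "name": "alice",  # hypothetical user
    "authenticated": True,
    "authorities": ["authenticated", "myname-noaccess", "myname"],
})

# Constructed sample: groups granted permissions on the folder.
FOLDER_GRANTS = {"myname": ["Job/Read", "Job/Build"]}


def diagnose(whoami_json, grants):
    """Classify each granted group against the authorities the user reports."""
    authorities = set(json.loads(whoami_json).get("authorities", []))
    report = {"exact": {}, "prefix_only": {}}
    for group, perms in grants.items():
        if group in authorities:
            # The security realm really reports this group for the user.
            report["exact"][group] = perms
            continue
        # No exact match: record authorities whose names merely overlap.
        lookalikes = sorted(
            a for a in authorities
            if a.startswith(group) or group.startswith(a)
        )
        if lookalikes:
            report["prefix_only"][group] = lookalikes
    return report


def verdict(report):
    """Summarise which explanation the evidence supports."""
    if report["exact"]:
        # Access is explained by membership: inspect the LDAP group setup.
        return "membership"
    if report["prefix_only"]:
        # Only a similarly named group is held: consistent with a name-matching bug.
        return "name-overlap"
    return "no-grant"


if __name__ == "__main__":
    print(verdict(diagnose(WHOAMI_SAMPLE, FOLDER_GRANTS)))
```

A `membership` result means the directory itself reports the user as a member of `myname`, so the place to look is the LDAP group configuration rather than the folder's permission matrix.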