Hello,

Im trying to restrict the nodes in jenkins but doesn't matters what i do, always shows me that the user has lack of permission.

Jenkins v2.190.3

Role-based Authorization Strategy v2.15

Authorize Project v1.3.0

So for this example is:

Acces Control:

• Role-Based Strategy 

Access Control for Builds:

• Project default Build Authorization
     - Strategy Run as anonymous

(the idea is make it work with Run as the user who triggered the build)

Later, I have this configuration:

• A global role called general which just have view
• A Slave role which the pattern is "gradle-.* (I tested with gradle*, gradle.* and even with .*)
• Both roles assigned to anonymous

So when i run a pipeline with a dynamic agent in kubernetes shows me:

Started by user XXXXXX
Running as anonymous

which is ok, after this, the agent is created, connected to jenkins but the job is waiting forever for the agent and if the agent is already connected shows:

‘anonymous’ lacks permission to run on ‘gradle-xxxxxx’

The only way to fix this is run as SYSTEM or add build privileges to "general" global role.

From jenkins logs, nothing relevant is showed up.