Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61316

role-strategy-plugin shows all users for all users

       I have a role to show only jobs related to pattern. It has permission only to read, build and discover jobs. Nothing else. And it works BUT as I am logged in as user in this role I am able to see all other users. What is it? There is no permission to see users so how is it possible? You can see settings in the picture.

          [JENKINS-61316] role-strategy-plugin shows all users for all users

          Oleg Nenashev added a comment -

          Currently Jenkins user listing is tied to the Overall/read permission, so all users with such permission will be able to see users. It is managed by the Jenkins Core, so there is nothing what could be done on the plugin level.

          P.S: FTR you assigned the issue to yourself while creating it, so I have never received a notification

           

          Oleg Nenashev added a comment - Currently Jenkins user listing is tied to the Overall/read permission, so all users with such permission will be able to see users. It is managed by the Jenkins Core, so there is nothing what could be done on the plugin level. P.S: FTR you assigned the issue to yourself while creating it, so I have never received a notification  

          Oleg Nenashev added a comment -

          I believe it is a full duplicate of JENKINS-18884 (thanks to danielbeck for the link)

          Oleg Nenashev added a comment - I believe it is a full duplicate of  JENKINS-18884 (thanks to danielbeck for the link)

          Yes this seems to be dulicate BUT it was created at 2013-07-23. What is that? Reason to stop using Jenkins?  

          Vladimír Čamaj added a comment - Yes this seems to be dulicate BUT it was created at 2013-07-23. What is that? Reason to stop using Jenkins?  

          Oleg Nenashev added a comment -

          Reason to contribute if you are interested in this issue vladimir81. Jenkins is a community-driven project, and everyone is welcome to submit a pull request for changes affecting them. Or to facilitate it otherwise. We do not provide support with SLAs as a community

          Oleg Nenashev added a comment - Reason to contribute if you are interested in this issue vladimir81 . Jenkins is a community-driven project, and everyone is welcome to submit a pull request for changes affecting them. Or to facilitate it otherwise. We do not provide support with SLAs as a community

          But this is security issue. Who wrote that code? I am not able to fix random language or project I have ever used....

          Vladimír Čamaj added a comment - But this is security issue. Who wrote that code? I am not able to fix random language or project I have ever used....

            vladimir81 Vladimír Čamaj
            vladimir81 Vladimír Čamaj
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: