Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61316

role-strategy-plugin shows all users for all users

    XMLWordPrintable

Details

    Description

       I have a role to show only jobs related to pattern. It has permission only to read, build and discover jobs. Nothing else. And it works BUT as I am logged in as user in this role I am able to see all other users. What is it? There is no permission to see users so how is it possible? You can see settings in the picture.

      Attachments

        Issue Links

          Activity

            oleg_nenashev Oleg Nenashev added a comment -

            Currently Jenkins user listing is tied to the Overall/read permission, so all users with such permission will be able to see users. It is managed by the Jenkins Core, so there is nothing what could be done on the plugin level.

            P.S: FTR you assigned the issue to yourself while creating it, so I have never received a notification

             

            oleg_nenashev Oleg Nenashev added a comment - Currently Jenkins user listing is tied to the Overall/read permission, so all users with such permission will be able to see users. It is managed by the Jenkins Core, so there is nothing what could be done on the plugin level. P.S: FTR you assigned the issue to yourself while creating it, so I have never received a notification  
            oleg_nenashev Oleg Nenashev added a comment -

            I believe it is a full duplicate of JENKINS-18884 (thanks to danielbeck for the link)

            oleg_nenashev Oleg Nenashev added a comment - I believe it is a full duplicate of  JENKINS-18884 (thanks to danielbeck for the link)

            Yes this seems to be dulicate BUT it was created at 2013-07-23. What is that? Reason to stop using Jenkins?  

            vladimir81 Vladimír Čamaj added a comment - Yes this seems to be dulicate BUT it was created at 2013-07-23. What is that? Reason to stop using Jenkins?  
            oleg_nenashev Oleg Nenashev added a comment -

            Reason to contribute if you are interested in this issue vladimir81. Jenkins is a community-driven project, and everyone is welcome to submit a pull request for changes affecting them. Or to facilitate it otherwise. We do not provide support with SLAs as a community

            oleg_nenashev Oleg Nenashev added a comment - Reason to contribute if you are interested in this issue vladimir81 . Jenkins is a community-driven project, and everyone is welcome to submit a pull request for changes affecting them. Or to facilitate it otherwise. We do not provide support with SLAs as a community

            But this is security issue. Who wrote that code? I am not able to fix random language or project I have ever used....

            vladimir81 Vladimír Čamaj added a comment - But this is security issue. Who wrote that code? I am not able to fix random language or project I have ever used....

            People

              vladimir81 Vladimír Čamaj
              vladimir81 Vladimír Čamaj
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: