  1. Jenkins
  2. JENKINS-61344

API call with a token leads to a 403 but the user has "overall read" via "authenticated user" group

Details

    Description

      I use "Project-based Matrix Authorization Strategy".

      I set the group "Authenticated Users" with permission overall read, job read, credential view, view read.

      If a user tries to call an API with a token like: `curl -u myuser:123456 -v -H 'Accept: application/json' https://jenkins/api/json` then the response is 403 with an HTML body in which I have "myuser is missing the Overall/Read permission".

      If I add an "overall read" permission on the "myuser" itself, then the API is working (200 + data).

      Does this mean that authenticating via a token does not add the 'authenticated' group? Is this wanted? If so, why not a "tokens" group?

        Activity

          gregoirew greg oire created issue
          danielbeck Daniel Beck made changes:

          Field       Original Value   New Value
          Resolution                   Not A Defect [ 7 ]
          Status      Open [ 1 ]       Closed [ 6 ]

          People

            danielbeck Daniel Beck
            gregoirew greg oire
            Votes: 0
            Watchers: 2
