Details
-
Type:
Bug
-
Status: Open (View Workflow)
-
Priority:
Critical
-
Resolution: Unresolved
-
Component/s: gitlab-branch-source-plugin
-
Labels:
-
Environment:gitlab server (www.gitlab.com)
jenkins docker official image 2.222.4 (occurs in 2.263.1 as well)
plugins and configuration attached as files.
-
Similar Issues:
Description
steps to recreate:
- create a folder
- enable folder based permissions
- add a user and grant all the available permissions
- create a multibranch job in the folder
- in branch source, choose gitlab.
- user gets the following error message between the "projects" section and the "Behaviours" section:
------------------------------
Access Denied
<username> is missing the Job/Build permission
--------------------------------
workaround:
granting the user the Job/Build permission in "Configure Global Security " solves the problem, but this is major breach in security.
it appears as if the plugin doesn't take into account the permissions granted to the user at the folder level.
Attachments
Activity
Field | Original Value | New Value |
---|---|---|
Attachment | job-configuration-error.jpg [ 51323 ] | |
Attachment | folder-level-configuration.jpg [ 51324 ] | |
Issue Type | Improvement [ 4 ] | Bug [ 1 ] |
Attachment | jenkins-log.txt [ 51325 ] |
Environment |
jenkins server 2.222.3 folders plugin 6.12 matrix authorization plugin 2.6.1 matrix project plugin 1.14 gitlab branch source plugin 1.5.1 |
gitlab server 12.10.0-ee jenkins server 2.222.3 folders plugin 6.12 matrix authorization plugin 2.6.1 matrix project plugin 1.14 gitlab branch source plugin 1.5.1 |
Description |
steps to recreate: # create a folder # enable folder based permissions # add a user and grant all the available permissions # create a multibranch job in the folder # in branch source, choose gitlab. # user gets the following error message between the "projects" section and the "Behaviours" section: ------------------------------ Access Denied <username> is missing the Job/Build permission -------------------------------- workaround: granting the user the Job/Build permission in "Configure Global Security " solves the problem, but this is major breach in security. it appears as if the plugin doesn't take into account the permissions granted to the user at the folder level. i'll provide the line from the log shortly. |
steps to recreate: # create a folder # enable folder based permissions # add a user and grant all the available permissions # create a multibranch job in the folder # in branch source, choose gitlab. # user gets the following error message between the "projects" section and the "Behaviours" section: ------------------------------ Access Denied <username> is missing the Job/Build permission -------------------------------- workaround: granting the user the Job/Build permission in "Configure Global Security " solves the problem, but this is major breach in security. it appears as if the plugin doesn't take into account the permissions granted to the user at the folder level. |
Environment |
gitlab server 12.10.0-ee jenkins server 2.222.3 folders plugin 6.12 matrix authorization plugin 2.6.1 matrix project plugin 1.14 gitlab branch source plugin 1.5.1 |
gitlab server 12.10.0-ee jenkins server 2.222.3 folders plugin 6.12 matrix authorization plugin 2.6.1 matrix project plugin 1.14 gitlab branch source plugin 1.5.1 multiple scms plugin 0.6 |
Status | Open [ 1 ] | In Progress [ 3 ] |
Status | In Progress [ 3 ] | Open [ 1 ] |
Summary | users unable to create multibranch jobs without global Job/Build permission | users unable to configure multibranch jobs without global Job/Build permission |
Attachment | creating a multibranch pipeline as the user.jpg [ 51657 ] | |
Attachment | creating the multi branch pipeline as the user.jpg [ 51658 ] | |
Attachment | gitlab server definition.jpg [ 51659 ] | |
Attachment | jenkins root folder.jpg [ 51660 ] | |
Attachment | jenkins security definition.jpg [ 51661 ] | |
Attachment | jenkins user definition.jpg [ 51662 ] | |
Attachment | some_folder configuration.jpg [ 51663 ] | |
Attachment | uesr receive error message when creating gitlab project.jpg [ 51664 ] |
Attachment | jenkins-plugins-installed.txt [ 51665 ] |
Attachment | folder-level-configuration.jpg [ 51324 ] |
Attachment | jenkins-log.txt [ 51325 ] |
Attachment | job-configuration-error.jpg [ 51323 ] |
Environment |
gitlab server 12.10.0-ee jenkins server 2.222.3 folders plugin 6.12 matrix authorization plugin 2.6.1 matrix project plugin 1.14 gitlab branch source plugin 1.5.1 multiple scms plugin 0.6 |
gitlab server (www.gitlab.com) jenkins docker official image 2.222.4 plugins and configuration attached as files. |
Assignee | Parichay Barpanda [ baymac ] | Rick [ surenpi ] |
Environment |
gitlab server (www.gitlab.com) jenkins docker official image 2.222.4 plugins and configuration attached as files. |
gitlab server (www.gitlab.com)
jenkins docker official image 2.222.4 (occurs in 2.163.1 as well) plugins and configuration attached as files. |
Environment |
gitlab server (www.gitlab.com)
jenkins docker official image 2.222.4 (occurs in 2.163.1 as well) plugins and configuration attached as files. |
gitlab server (www.gitlab.com)
jenkins docker official image 2.222.4 (occurs in 2.263.1 as well) plugins and configuration attached as files. |
Hey Amit Dar,
What is the expected behavior that you would like to see? Perhaps you could describe the ideal situation?
In order to actually create a job, a user will need more privileges than Job/Build (Job/Configure). Job/Build will just let users kick off a build. If you're trying to set up an org you might take a look at the [Job DSL Plugin|https://plugins.jenkins.io/job-dsl/].
Hope that helps.