Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Not A Defect
-
Jenkins Version 2.249.2 running on Windows Server 2016 Datacenter
JRE Version 1.8.0_261-b12
Role Strategy Plugin Version 3.1
Description
Assume the following folder structure
Folder1/JobA Folder1/JobB Folder2/JobC
The global role for the user only has the Overall/Read permission and the configured project roles have all possible permissions.
When configuring a new project role for folder1 I want the pattern to be
^Folder1/.*
so only JobA and JobB can be accessed.
But when logging in with a user account that has only this permission only the empty "Welcome to Jenkins" page is displayed.
If I instead use the pattern
^Folder1.*
the user can access Folder1 and all items within as expected.
This seems to always happen when a forward slash / is used in the pattern and using the second pattern is not an option in my use case as someone could create eg. Folder 10 which would then also be matched.
Also the preview of matching Projects correctly displays all contents of Folder1 in both cases, although the first pattern doesn't actually grant access.
I have also tried to escape the forward slash with a backslash ( ^Folder1\/.* ) but that didn't help either.
Attachments
Activity
Hi,
I found a workaround for your problem. You have the following structure:
Folder1/JobA
Folder1/JobB
Folder2/JobC
And you only want to grant permissions on JobA and JobB.
When you test the pattern:
"^Folder1/.*"
The test webservice (/role-strategy/strategy/getMatchingJobs?pattern=^Folder1/.*&maxJobs=10) returns:
{
"matchingJobs": [
"Folder1/JobA",
"Folder1/JobB"
]
}
So, it seems ok, but if you login with the user granted with the created project rol, the user can't access to Folder1 and the empty "Welcome to Jenkins" page is displayed.
Solution:
Create a new project rol with the following pattern:
"^Folder1"
and assign to the user along with the first project role that you created.
With both roles, the user will be able to access to JobA and JobB from the welcome page.
Regards,
JM DEL RIO
Jose Manuel
added a comment - - edited Hi,
I found a workaround for your problem. You have the following structure:
Folder1/JobA
Folder1/JobB
Folder2/JobC
And you only want to grant permissions on JobA and JobB.
When you test the pattern:
"^Folder1/.*"
The test webservice (/role-strategy/strategy/getMatchingJobs?pattern=^Folder1/.*&maxJobs=10) returns:
{
"matchingJobs" : [
"Folder1/JobA" ,
"Folder1/JobB"
]
}
So, it seems ok, but if you login with the user granted with the created project rol, the user can't access to Folder1 and the empty "Welcome to Jenkins" page is displayed.
Solution:
Create a new project rol with the following pattern:
"^Folder1"
and assign to the user along with the first project role that you created.
With both roles, the user will be able to access to JobA and JobB from the welcome page.
Regards,
JM DEL RIO
Markus Winter
added a comment - Indeed this is only a configuration problem.
You can also use the pattern
^Folder1($|/.+)
in case you want the same permissions on the folder itself and on the jobs inside the folder.
If you have subfolders that required different permissions you would need to exclude additional slashes in the pattern above
Folder1($|/[^/]+)
Markus Winter
added a comment - Indeed this is only a configuration problem.
You can also use the pattern
^Folder1($|/.+)
in case you want the same permissions on the folder itself and on the jobs inside the folder.
If you have subfolders that required different permissions you would need to exclude additional slashes in the pattern above
Folder1($|/[^/]+)
I can confirm this issue when trying to grant access to credentials. inside folders
for jobs or Bitbucket projects the ^foldername/.* patter is working fine so far.
but for credentials I was advice to use something like ^foldername\b.* which works but has the issue that \b is not quite the same as /
wo I would like to have this issue fixed.
thanks.