Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-65371

User access is wiping out when grant permission to new user by groovy

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I'm trying to create number of users with specific permissions via projectMatrixAuthorizationStrategy by groovy script. Actually, I'm able to create Users and provide permissions to the user, but when try to create another user with specific permissions, the old user access is automatically wiping out. when try to login with old user i'm getting " Overall/Read permission is missing" . 

       

      I have tried multiple ways but didn't get any solution about this. Here below is my script

       

       

      import jenkins.model.*
      import hudson.security.*
      import hudson.model.*
      import java.util.*
      import com.michelin.cio.hudson.plugins.rolestrategy.*
      import com.cloudbees.plugins.credentials.*
      import com.cloudbees.plugins.credentials.common.*
      import com.cloudbees.plugins.credentials.domains.*
      import com.cloudbees.jenkins.plugins.sshcredentials.impl.*

      def instance = Jenkins.getInstance()

      def hudsonRealm = new HudsonPrivateSecurityRealm(false)

      //def user = ["userInput","userPassword"]

      hudsonRealm.createAccount("admin","admin")
      //hudsonRealm.createAccount(userInput,userPassword)
      hudsonRealm.createAccount("user","User2")

      instance.setSecurityRealm(hudsonRealm)
      instance.save()

      def strategy = new ProjectMatrixAuthorizationStrategy()

      //Overall Permission

      strategy.add(Jenkins.ADMINISTER,'admin')
      strategy.add(Jenkins.READ,user)

      //Credential Level Permission

      strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,user)
      strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.DELETE,user)
      strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.UPDATE,user)
      strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.VIEW,user)

      //Job Level Permission

      strategy.add(hudson.model.Item.BUILD,user)
      strategy.add(hudson.model.Item.CANCEL,user)
      strategy.add(hudson.model.Item.CONFIGURE,user)
      strategy.add(hudson.model.Item.CREATE,user)
      //strategy.add(hudson.model.Item.DELETE,user)
      strategy.add(hudson.model.Item.DISCOVER,user)
      //strategy.add(hudson.model.Item.READ,user)
      strategy.add(hudson.model.Item.WORKSPACE,user)

      //Build Run (Level) Permissions

      //strategy.add(hudson.model.Run.DELETEuser)
      strategy.add(hudson.model.Run.UPDATE,user)
      //strategy.add(hudson.model.Run.REPLAY,user)

      //View Level Permissions

      //strategy.add(hudson.model.View.CONFIGURE,user)
      //strategy.add(hudson.model.View.CREATE,user)
      //strategy.add(hudson.model.View.DELETE,user)
      strategy.add(hudson.model.View.READ,user)

      instance.setAuthorizationStrategy(strategy)
      instance.save()

      }
      }}

       

      could somebody help me to sort out the issue?

       

       

        Attachments

          Activity

          Hide
          chiducaf chella added a comment - - edited

          Solution: Actually it is very simple thing to know.

          If you don't like to wiping out old user access, you shouldn't give user name in the permission line, instead you should give 'authenticated'. see the example below..,

          From

          strategy.add(Jenkins.READ,user)
           strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,user)

          to

          strategy.add(Jenkins.READ,'authenticated')
           strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,'authenticated')

           

          Show
          chiducaf chella added a comment - - edited Solution:  Actually it is very simple thing to know. If you don't like to wiping out old user access, you shouldn't give user name in the permission line, instead you should give 'authenticated'. see the example below.., From strategy.add(Jenkins.READ,user)  strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,user) to strategy.add(Jenkins.READ,'authenticated')  strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,'authenticated')  
          Hide
          chiducaf chella added a comment -

          You can see my answer in the command.

          Show
          chiducaf chella added a comment - You can see my answer in the command.

            People

            Assignee:
            chiducaf chella
            Reporter:
            chiducaf chella
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: