JENKINS-65371

User access is wiped out when granting permission to a new user by Groovy


Details

    Description

      I'm trying to create a number of users with specific permissions via projectMatrixAuthorizationStrategy with a Groovy script. Actually, I'm able to create users and provide permissions to the user, but when I try to create another user with specific permissions, the old user's access is automatically wiped out. When I try to log in with the old user, I get "Overall/Read permission is missing".

      I have tried multiple ways but didn't find any solution for this. My script is below:


      import jenkins.model.*
      import hudson.security.*
      import hudson.model.*
      import java.util.*
      import com.michelin.cio.hudson.plugins.rolestrategy.*
      import com.cloudbees.plugins.credentials.*
      import com.cloudbees.plugins.credentials.common.*
      import com.cloudbees.plugins.credentials.domains.*
      import com.cloudbees.jenkins.plugins.sshcredentials.impl.*

      def instance = Jenkins.getInstance()

      def hudsonRealm = new HudsonPrivateSecurityRealm(false)

      //def user = ["userInput","userPassword"]
      def user = "user" // name of the account created below with createAccount("user", ...)

      hudsonRealm.createAccount("admin","admin")
      //hudsonRealm.createAccount(userInput,userPassword)
      hudsonRealm.createAccount("user","User2")

      instance.setSecurityRealm(hudsonRealm)
      instance.save()

      // A new strategy starts with no entries; installing it below replaces the one in place
      def strategy = new ProjectMatrixAuthorizationStrategy()

      //Overall Permission

      strategy.add(Jenkins.ADMINISTER,'admin')
      strategy.add(Jenkins.READ,user)

      //Credential Level Permission

      strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,user)
      strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.DELETE,user)
      strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.UPDATE,user)
      strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.VIEW,user)

      //Job Level Permission

      strategy.add(hudson.model.Item.BUILD,user)
      strategy.add(hudson.model.Item.CANCEL,user)
      strategy.add(hudson.model.Item.CONFIGURE,user)
      strategy.add(hudson.model.Item.CREATE,user)
      //strategy.add(hudson.model.Item.DELETE,user)
      strategy.add(hudson.model.Item.DISCOVER,user)
      //strategy.add(hudson.model.Item.READ,user)
      strategy.add(hudson.model.Item.WORKSPACE,user)

      //Build Run (Level) Permissions

      //strategy.add(hudson.model.Run.DELETE,user)
      strategy.add(hudson.model.Run.UPDATE,user)
      //strategy.add(hudson.model.Run.REPLAY,user)

      //View Level Permissions

      //strategy.add(hudson.model.View.CONFIGURE,user)
      //strategy.add(hudson.model.View.CREATE,user)
      //strategy.add(hudson.model.View.DELETE,user)
      strategy.add(hudson.model.View.READ,user)

      instance.setAuthorizationStrategy(strategy)
      instance.save()


       

      Could somebody help me sort out the issue?

       

       


        Activity

          chiducaf chella added a comment - edited

          Solution: Actually, it is a very simple thing to know.

          If you don't want to wipe out the old user's access, you shouldn't give the user name in the permission line; instead you should give 'authenticated'. See the example below:

          From

          strategy.add(Jenkins.READ,user)
          strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,user)

          to

          strategy.add(Jenkins.READ,'authenticated')
          strategy.add(com.cloudbees.plugins.credentials.CredentialsProvider.CREATE,'authenticated')

           

          chiducaf chella added a comment

          You can see my answer in the command.
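
          An added example, not part of the original issue or its comments: the script in the description builds a new, empty ProjectMatrixAuthorizationStrategy on every run and installs it, so only the entries added in that run remain. This version adds the new account's entries to the strategy that is already installed, which keeps the permissions scoped to named users rather than to every account in 'authenticated'. The account name `user2` and its password are constructed placeholders, and the script assumes an earlier run already installed the realm and the strategy.

```groovy
import jenkins.model.Jenkins
import hudson.model.Item
import hudson.model.Run
import hudson.model.User
import hudson.model.View
import hudson.security.HudsonPrivateSecurityRealm
import hudson.security.ProjectMatrixAuthorizationStrategy
import com.cloudbees.plugins.credentials.CredentialsProvider

// Constructed sample input (placeholders, not values from the issue)
def newUser = 'user2'
def newPassword = 'change-me'

def instance = Jenkins.getInstance()

// Reuse the installed realm instead of constructing a new one
def realm = instance.getSecurityRealm()
if (!(realm instanceof HudsonPrivateSecurityRealm)) {
    throw new IllegalStateException("Security realm is not Jenkins' own user database; refusing to replace it")
}
// Create the account only if it does not exist yet
if (User.getById(newUser, false) == null) {
    realm.createAccount(newUser, newPassword)
}

// Reuse the installed strategy: it already holds the earlier users' entries
def strategy = instance.getAuthorizationStrategy()
if (!(strategy instanceof ProjectMatrixAuthorizationStrategy)) {
    throw new IllegalStateException("Authorization strategy is not project-based matrix; refusing to replace it")
}

// Same permission set the script in the description grants, for this one account
def permissions = [
    Jenkins.READ,
    CredentialsProvider.CREATE, CredentialsProvider.DELETE,
    CredentialsProvider.UPDATE, CredentialsProvider.VIEW,
    Item.BUILD, Item.CANCEL, Item.CONFIGURE, Item.CREATE,
    Item.DISCOVER, Item.WORKSPACE,
    Run.UPDATE,
    View.READ
]
permissions.each { perm -> strategy.add(perm, newUser) }

// Persist the updated strategy, existing entries included
instance.setAuthorizationStrategy(strategy)
instance.save()
```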


          People

            chiducaf chella