New Feature
Resolution: Fixed
Major
We use:
Jenkins 2.289.2
Micro Focus Application Automation Plugin 6.9
After installing your plugin, we are faced with a big security issue.
In order to use the plugin, we are required to enter ALL the users and their passwords in the Jenkins Configure System screen.
This causes us:
- the need to have Jenkins server administrative access to change/add/remove users.
- the need to have Jenkins administrative access to change a password for a user.
- a problem in which any user with access to the Jenkins server can choose any pre-defined user to access the ALM server (since it is configured at the server level, and not at the job level) - THIS IS THE SECURITY PROBLEM....
I would expect you to use the credentials system embedded in the Jenkins server in order to be able to receive the credentials on the job/script level (like almost any other plugin).
This way:
- each user can only access the credentials he is allowed.
- each user can add/change/remove credentials without Jenkins administrative privilege but only with credential privilege.
- other users in the system are not exposed to credentials they are not allowed to see.
I'm available to provide any needed information regarding this issue.