• Type: Bug
• Resolution: Done
• Priority: Trivial
• Component/s: role-strategy-plugin
• Labels:

  • plugin
  • security
• Environment:

  Jenkins: 2.301.1
  Role-based Authorization Strategy: 3.2.0

[JENKINS-66476] When updating global rules in Role-based Authorization Strategy all jobs are visible

Collapse comment: Harryson added a comment - 2021-08-30 12:15

Harryson added a comment - 2021-08-30 12:15

Apparently it's a behavior of the plugin itself.

Per the documentation on https://plugins.jenkins.io/role-strategy/:

Global roles apply to any item in Jenkins and override anything you specify in the Project Roles. That is, when you give a role the right to Job-Read in the Global Roles, then this role is allowed to read all Jobs, no matter what you specify in the Project Roles.

But I think this behavior strange, since the projects are already configured. If we delete the global rule and create it with new permissions and with the same name, it ends up having the expected behavior.

Expand comment: Harryson added a comment - 2021-08-30 12:15

Harryson added a comment - 2021-08-30 12:15 Apparently it's a behavior of the plugin itself. Per the documentation on https://plugins.jenkins.io/role-strategy/: Global roles apply to any item in Jenkins and override anything you specify in the Project Roles. That is, when you give a role the right to Job-Read in the Global Roles, then this role is allowed to read all Jobs, no matter what you specify in the Project Roles. But I think this behavior strange, since the projects are already configured. If we delete the global rule and create it with new permissions and with the same name, it ends up having the expected behavior.