Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66476

When updating global rules in Role-based Authorization Strategy all jobs are visible

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Trivial Trivial
    • role-strategy-plugin
    • Jenkins: 2.301.1
      Role-based Authorization Strategy: 3.2.0

      After creating a global rule the user's permissions work normally, but when the global rules are modified, the permissions overwrite and the user sees all jobs.

          [JENKINS-66476] When updating global rules in Role-based Authorization Strategy all jobs are visible

          Harryson created issue -
          Harryson made changes -
          Summary Original: When updating global rules in Role-based Authorization Strategy all jobs are visibleCommentAgile BoardMoreExport New: When updating global rules in Role-based Authorization Strategy all jobs are visible

          Harryson added a comment -

          Apparently it's a behavior of the plugin itself.

          Per the documentation on https://plugins.jenkins.io/role-strategy/:

          Global roles apply to any item in Jenkins and override anything you specify in the Project Roles. That is, when you give a role the right to Job-Read in the Global Roles, then this role is allowed to read all Jobs, no matter what you specify in the Project Roles.

          But I think this behavior strange, since the projects are already configured. If we delete the global rule and create it with new permissions and with the same name, it ends up having the expected behavior.

          Harryson added a comment - Apparently it's a behavior of the plugin itself. Per the documentation on https://plugins.jenkins.io/role-strategy/: Global roles apply to any item in Jenkins and override anything you specify in the Project Roles. That is, when you give a role the right to Job-Read in the Global Roles, then this role is allowed to read all Jobs, no matter what you specify in the Project Roles. But I think this behavior strange, since the projects are already configured. If we delete the global rule and create it with new permissions and with the same name, it ends up having the expected behavior.
          Harryson made changes -
          Link New: This issue relates to SECURITY-2487 [ SECURITY-2487 ]
          Harryson made changes -
          Resolution New: Done [ 10000 ]
          Status Original: Open [ 1 ] New: Closed [ 6 ]
          Harryson made changes -
          Comment [ It is expected behavior, per the documentation on [https://plugins.jenkins.io/role-strategy/]:
          {quote}Global roles apply to any item in Jenkins and override _anything_ you specify in the Project Roles. That is, when you give a role the right to Job-Read in the Global Roles, then this role is allowed to read all Jobs, no matter what you specify in the Project Roles.
          {quote} ]

            oleg_nenashev Oleg Nenashev
            harryson_palheta Harryson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: