Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66476

When updating global rules in Role-based Authorization Strategy all jobs are visible

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Trivial Trivial
    • role-strategy-plugin
    • Jenkins: 2.301.1
      Role-based Authorization Strategy: 3.2.0

      After creating a global rule the user's permissions work normally, but when the global rules are modified, the permissions overwrite and the user sees all jobs.

          [JENKINS-66476] When updating global rules in Role-based Authorization Strategy all jobs are visible

          Harryson created issue -
          Harryson made changes -
          Summary Original: When updating global rules in Role-based Authorization Strategy all jobs are visibleCommentAgile BoardMoreExport New: When updating global rules in Role-based Authorization Strategy all jobs are visible
          Harryson made changes -
          Link New: This issue relates to SECURITY-2487 [ SECURITY-2487 ]
          Harryson made changes -
          Resolution New: Done [ 10000 ]
          Status Original: Open [ 1 ] New: Closed [ 6 ]
          Harryson made changes -
          Comment [ It is expected behavior, per the documentation on [https://plugins.jenkins.io/role-strategy/]:
          {quote}Global roles apply to any item in Jenkins and override _anything_ you specify in the Project Roles. That is, when you give a role the right to Job-Read in the Global Roles, then this role is allowed to read all Jobs, no matter what you specify in the Project Roles.
          {quote} ]

            oleg_nenashev Oleg Nenashev
            harryson_palheta Harryson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: