This is the expected presentation when matrix auth 3.0 plugin has been installed and the users / groups have not yet been made unambiguous. See the matrix auth plugin 3.0 changelog for more details.

JENKINS-67406 large image: https://issues.jenkins.io/secure/attachment/56967/Jenkins-Role-Matrix3-20311219.png

Matrix Authorization 3.0 Changelog has general change and end point descriptions but lack specific steps.

1. Is Matrix Authorization downgrade to 2.6.11 most useful action?
2. Is this a function breaking issue or just harmless warning displays?
3. Are steps available now new Jenkins users can use to resolve issue?
4. Jenkins' own user database lacks group support and does this matter?

Thank you markewaite. 

Matrix Authorization 2.6. 11 can solve this problem, 2.303 3. Lts and 2.323

Thank you markewaite. 

https://github.com/jenkinsci/matrix-auth-plugin/blob/master/CHANGELOG.md doesn't recommend downgrades...

Once new permissions have been assigned using version 3.0 or newer, or existing permission assignments have been migrated to apply only to users or groups, downgrading to earlier versions of this plugin may cause problems, as these releases will not be able to load unambiguous permission assignments.

I experienced this issue as well, and was able to downgrade (at least so far).
Matrix 3.0 changelog now is calling out this plugin (role-strategy) as a known incompatibility.

Can someone promote a fix to handle the data migration?
Should be doable right?

A script or a guide will also do.

This is causing problems for me too. I have downgraded the Matrix Authorization plugin but that's got to be a temporary solution.

Switching away from using the Role-Based Authorization plugin would not be a simple task, I hope it doesn't come to that.

Hello,

Are these only harmless warning displays at the moment or should we expect functional loss on save / changes ?

Kind regards,

is there any news on this issue?

We are holding back the update from 2.6.11 because of this issue.

"This is the expected presentation when matrix auth 3.0 plugin has been installed and the users / groups have not yet been made unambiguous."

markewaite, how do we make users / groups unambiguous? Simply update to 3.x and resave each user?

Can we increase the urgency on this issue, there's still no workaround I've seen and we can't update due to this issue.

Still no progress? We cannot update for months too.

i am affected as well.

as a GUI level administrator
i want my user management interface to assist me with meaningful user names and user ids
so that my administration activities can be carried out correctly and efficiently in place.

Looking at the code this is only a UI problem and should not have any impact on functionality of the plugin.

The only thing rolestategy uses from matrix auth plugin is the function doCheckName from the descriptor of GlobalMatrixAuthorizationStrategy. This method is used to decide if the user/group exists and which icon to display.

Locally I copied the relevant code from version 2.6.11 of matrix-auth to rolestrategy and the issue is gone and everything still compiles and works as before.

The question is if we want to also have that separation between users and groups in rolestrategy. If yes that would be some bigger work I think and another question would be if we then want to keep the dependency to matrix auth plugin, probably some part of the code could be reused. After a first peek there are some code parts that are useful that are currently restricted with NoExternalUse

created PR #172 to decouple role-strategy from matrix-auth

had a look. its not a one-line change, but it looks pretty promising in solving the most pressing aspects.

to my understanding the one thing is "a bug" whilst the other things are "features" with surely some relation. establishing a sound foundation again instantly with fixing the first will allow to freely care (or skip) for the second.

Thanks for PR #172: The role-strategy-3.2.1-rc486.1fa_5c858f488.hpi plugin (without its dependency on the matrix-auth plugin) seems to work fine in my various use cases.