-
Bug
-
Resolution: Not A Defect
-
Major
-
Debiab Buster
The following example configuration:
jenkins:
authorizationStrategy:
roleBased:
roles:
global:
- name: admin
description: "Role admin"
pattern: ".*"
assignments:
- "g_jenkins_admin"
permissions:
- "Agent/Build"
- "Agent/Configure"
- "Agent/Connect"
- "Agent/Create"
- "Agent/Delete"
- "Agent/Disconnect"
- "Agent/Provision"
- "Credentials/Create"
- "Credentials/Delete"
- "Credentials/ManageDomains"
- "Credentials/Update"
- "Credentials/View"
- "Job/Build"
- "Job/Cancel"
- "Job/Configure"
- "Job/Create"
- "Job/Delete"
- "Job/Discover"
- "Job/Move"
- "Job/Read"
- "Job/Workspace"
- "Lockable Resources/Reserve"
- "Lockable Resources/Unlock"
- "Overall/Administer"
- "Overall/Read"
- "Run/Delete"
- "Run/Replay"
- "Run/Update"
- "SCM/Tag"
- "View/Configure"
- "View/Create"
- "View/Delete"
- "View/Read"
items:
- name: role_acd
description: "Role role_acd"
pattern: "(^.*_deploy_wildfly_.*)"
assignments:
- "dev1"
permissions:
- "Job/Build"
- "Job/Cancel"
- "Job/Discover"
- "Job/Read"
- "Job/Workspace"
- "View/Read"
- "Overall/Read"
results in a plugin error:
May 31 10:32:13 jenkinsserver jenkins[23497]: Caused: io.jenkins.plugins.casc.ConfiguratorException: roleDefinition: Failed to construct instance of class org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition. May 31 10:32:13 jenkinsserver jenkins[23497]: Constructor: public org.jenkinsci.plugins.rolestrategy.casc.RoleDefinition(java.lang.String,java.lang.String,java.lang.String,java.util.Collection,java.util.Collection). May 31 10:32:13 jenkinsserver jenkins[23497]: Arguments: [java.lang.String, null, java.lang.String, java.util.ArrayList, java.util.ArrayList]. May 31 10:32:13 jenkinsserver jenkins[23497]: Expected Parameters: name java.lang.String, description java.lang.String, pattern java.lang.String, permissions java.util.Collection<java.lang.String>, assignments java.util.Collection<java.lang.String>
- is duplicated by
-
-
- Resolved
-
[JENKINS-68648] JCasC integraton broken
Markus Winter
added a comment - You have configured permissions for lockable resources plugin. Is the plugin really installed?
Anyway the permissions for the global "admin" role include "Overall/Administer", so you can remove all other permissions there.
Markus Winter
added a comment - You have configured permissions for lockable resources plugin. Is the plugin really installed?
Anyway the permissions for the global "admin" role include "Overall/Administer", so you can remove all other permissions there. mawinter69 The missing plugin seems to have solved the issue. Thanks for pointing that out. However, while the permissions Overall/Administer seem to work fine, I run into Problems removing the Read-Permissions while just leaving the Overall/Read permission active. People reported issues with afters after changing it. Any clue on that? I thought Overall/Read complements permissions like Job/Read or View/Read.
Markus Winter
added a comment - "Overall/Read" will grant rights only to access the root of Jenkins. This doesn't grant access to any job or folder.
In order for a user to access Jenkins the "Overall/Read" permission is required, even when an item role grants access for the user to certain jobs.
Note that "Overall/Read" is a permission which is not available to Items/Projects. So setting it there will have no affect. It must be defined in a global role
Markus Winter
added a comment - "Overall/Read" will grant rights only to access the root of Jenkins. This doesn't grant access to any job or folder.
In order for a user to access Jenkins the "Overall/Read" permission is required, even when an item role grants access for the user to certain jobs.
Note that "Overall/Read" is a permission which is not available to Items/Projects. So setting it there will have no affect. It must be defined in a global role
Markus Winter
added a comment - This is not a bug but a configuration issue. 
Possible related to
JENKINS-68596andJENKINS-68595.