Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-70044

Gather telemetry about usage of optional permissions

    • 2.375.1

      The Jenkins security team would like to collect telemetry regarding the usage of optional permissions (using the existing Telemetry API from JEP-214). We plan to use this telemetry to understand whether existing optional permissions are used frequently enough to justify their ongoing maintenance cost or are popular enough that we should consider enabling them by default.

      There are only a few permissions in Jenkins core and plugins hosted by the Jenkins community that are disabled by default. These are:

      • Agent/ExtendedRead
      • Job/ExtendedRead
      • Job/WipeOut
      • Overall/Manage
      • Overall/SystemRead
      • Run/Artifacts
      • Credentials/UseOwn (defined in credentials)
      • Credentials/UseItem (defined in credentials)

      There are also two plugins which enable some of these optional permissions by default, so we would like to include the default component information in the telemetry to understand whether these plugins are installed:

          [JENKINS-70044] Gather telemetry about usage of optional permissions

          Devin Nusbaum created issue -
          Devin Nusbaum made changes -
          Description Original: The Jenkins security team would like to collect telemetry regarding the usage of optional permissions (using the existing {{Telemetry}} API from [JEP-214|https://github.com/jenkinsci/jep/blob/master/jep/214/README.adoc]). We plan to use this telemetry to understand whether existing optional permissions are used frequently enough to justify their ongoing maintenance cost or are popular enough that we should consider enabling them by default.

          There are only a few permissions in Jenkins core and plugins hosted by the Jenkins community that are disabled by default. These are:
          * Agent/ExtendedRead
          * Job/ExtendedRead
          * Overall/Manage
          * Overall/SystemRead
          * Run/Artifacts
          * Credentials/UseOwn (defined in {{credentials}})
          * Credentials/UseItem (defined in {{credentials}})

          There are also two plugins which enable some of these optional permissions by default, so we would like to include the default {{component}} information in the telemetry to understand whether these plugins are installed:

          * [extended-read-permission|https://plugins.jenkins.io/extended-read-permission/]
          * [manage-permission|https://plugins.jenkins.io/manage-permission/]
          New: The Jenkins security team would like to collect telemetry regarding the usage of optional permissions (using the existing {{Telemetry}} API from [JEP-214|https://github.com/jenkinsci/jep/blob/master/jep/214/README.adoc]). We plan to use this telemetry to understand whether existing optional permissions are used frequently enough to justify their ongoing maintenance cost or are popular enough that we should consider enabling them by default.

          There are only a few permissions in Jenkins core and plugins hosted by the Jenkins community that are disabled by default. These are:
           * Agent/ExtendedRead
           * Job/ExtendedRead
           * Job/WipeOut
           * Overall/Manage
           * Overall/SystemRead
           * Run/Artifacts
           * Credentials/UseOwn (defined in {{{}credentials{}}})
           * Credentials/UseItem (defined in {{{}credentials{}}})

          There are also two plugins which enable some of these optional permissions by default, so we would like to include the default {{component}} information in the telemetry to understand whether these plugins are installed:
           * [extended-read-permission|https://plugins.jenkins.io/extended-read-permission/]
           * [manage-permission|https://plugins.jenkins.io/manage-permission/]
          Devin Nusbaum made changes -
          Labels New: permissions telemetry
          Devin Nusbaum made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Devin Nusbaum made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Devin Nusbaum made changes -
          Remote Link New: This issue links to "jenkinsci/jenkins#7342 (Web Link)" [ 28337 ]
          Alexander Brandes made changes -
          Labels Original: permissions telemetry New: lts-candidate permissions telemetry
          Alexander Brandes made changes -
          Labels Original: lts-candidate permissions telemetry New: 2.375.1-fixed permissions telemetry
          Devin Nusbaum made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Fixed but Unreleased [ 10203 ]
          Alexander Brandes made changes -
          Released As New: 2.375.1
          Status Original: Fixed but Unreleased [ 10203 ] New: Closed [ 6 ]

            dnusbaum Devin Nusbaum
            dnusbaum Devin Nusbaum
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: