-
Bug
-
Resolution: Not A Defect
-
Critical
-
2.486
Using the matrix-auth plugin version 3.2.3, I can set global Overall Read permissions, and then specify on a per-project basis who has access to configure and build jobs. This is done using the Configure permission on a either pipeline or folder level. Even if a user is granted all the checkboxes except for admin globally, they are still unable to actually save a configuration of a job. They are able to see the configuration page, the save and apply buttons, but get the following error after clicking either of them:
org.acegisecurity.AccessDeniedException: This job's current authorization strategy does not permit <account-name> to modify the job configuration
This means that the user needs full admin access globally to edit any job configuration.
Log from dockerized jenkins container behind nginx reverse proxy:
2024-11-22 13:41:01.527+0000 [id=30478] INFO o.e.j.e.n.ContextHandler$APIContext#log: While serving http://xx:xx/job/User-SW-automatization/job/PipelineA/configSubmit: org.acegisecurity.AccessDeniedException: This job's current authorization strategy does not permit <account-name> to modify the job configuration
[JENKINS-74910] User without full admin privileges is unable to save configuration of a job
alexander
created issue -
alexander
made changes -
| Description |
Original:
Using the matrix-auth plugin version 3.2.3, I can set global Overall Read permissions, and then specify on a per-project basis who has access to configure and build jobs. This is done using the Configure permission on a either pipeline or folder level. Even if a user is granted all the checkboxes except for admin globally, they are still unable to actually save a configuration of a job. They are able to see the configuration page, the save and apply buttons, but get the following error after clicking either of them:
org.acegisecurity.AccessDeniedException: This job's current authorization strategy does not permit <account-name> to modify the job configuration This means that the user needs full admin access globally to edit any job configuration. Log from docker behind nginx reverse proxy: 2024-11-22 13:41:01.527+0000 [id=30478] INFO o.e.j.e.n.ContextHandler$APIContext#log: While serving http://xx:xx/job/User-SW-automatization/job/PipelineA/configSubmit: org.acegisecurity.AccessDeniedException: This job's current authorization strategy does not permit <account-name> to modify the job configuration |
New:
Using the matrix-auth plugin version 3.2.3, I can set global Overall Read permissions, and then specify on a per-project basis who has access to configure and build jobs. This is done using the Configure permission on a either pipeline or folder level. Even if a user is granted all the checkboxes except for admin globally, they are still unable to actually save a configuration of a job. They are able to see the configuration page, the save and apply buttons, but get the following error after clicking either of them:
org.acegisecurity.AccessDeniedException: This job's current authorization strategy does not permit <account-name> to modify the job configuration This means that the user needs full admin access globally to edit any job configuration. Log from dockerized jenkins container behind nginx reverse proxy: 2024-11-22 13:41:01.527+0000 [id=30478] INFO o.e.j.e.n.ContextHandler$APIContext#log: While serving [http://xx:xx/job/User-SW-automatization/job/PipelineA/configSubmit:] org.acegisecurity.AccessDeniedException: This job's current authorization strategy does not permit <account-name> to modify the job configuration |
alexander
made changes -
| Environment | Original: 2.485 | New: 2.486 |
| Resolution | New: Not A Defect [ 7 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
You're using https://plugins.jenkins.io/authorize-project/ and that blocks saving, probably because the user attempting to save is not the user associated with the job, or something like that. It's been a while since I've used that plugin.