JENKINS-75790

Add "Item roles admin" and "Agent roles admin" to the role-strategy-plugin


    • Type: New Feature
    • Resolution: Unresolved
    • Priority: Minor
    • role-strategy-plugin
    • None

      Problem Statement

      As a Jenkins power-user, I want to configure which people can access/run/configure which jobs.

      As a Jenkins admin, I want to enable the power-user. However, I do not want to give them full admin permissions.

      Proposed Solution

      Currently the https://github.com/jenkinsci/role-strategy-plugin/blob/4fe2599cbf48f1bc1469467ff850168893cacbb3/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/index.jelly#L34 has an all-or-nothing approach. Either admin or system-read for read-only access.

      We could introduce two new permissions

      • ITEM_ROLE_ADMIN
      • AGENT_ROLE_ADMIN

      Change the jelly config pages to reflect the read-only vs read-write of the sections based upon the user's permissions.

      This would need changes to the two pages:

      • Manage Roles
      • Assign Roles

      Use Case

      An admin could specify global roles to provide respective *_ROLE_ADMIN permissions to the power-user. The power-user would currently need SYSTEM_READ at a minimum, but I see that as acceptable.

      This allows a more secure way of managing job permissions.


            oleg_nenashev Oleg Nenashev
            sboardwell Steve Boardwell