Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8804

Can't set security role for promotion process locally to a job

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • promoted-builds-plugin
    • Solaris 10 and Tomcat 6.0.29 and Hudson 1.397

      I created promotion tasks in several jobs using the promoted-builds plugin, but can't restrict or set security for promotions per promotion or per job. Can only set in global security section. The idea of having promotion tasks is lost when everyone has access to all promotion tasks no matter what job and no matter what promotion task in the job. The security should be updated so that the admin can restrict promotion per job as well as restrict which users can promote a particular promotion. For example, you may want John to be able to promote A and B; Mary to promote only A; and July to promote only B. As it stands, I have to give John, Mary, and July permissions in the global security and they can then promote ANY job.

          [JENKINS-8804] Can't set security role for promotion process locally to a job

          Peter Hayes added a comment -

          I have committed changes to the manual approval promotion condition to allow you to specify a list of users that can approve the promotion. It is not yet released but if you could try it (I've attached the hpi to this issue) and let me know if it meets your needs or you find another issue with it.

          Thanks,
          Pete

          Peter Hayes added a comment - I have committed changes to the manual approval promotion condition to allow you to specify a list of users that can approve the promotion. It is not yet released but if you could try it (I've attached the hpi to this issue) and let me know if it meets your needs or you find another issue with it. Thanks, Pete

          Peter Hayes added a comment -

          Unreleased version of promoted builds plugin w/ authorized approval

          Peter Hayes added a comment - Unreleased version of promoted builds plugin w/ authorized approval

          Matthew Ford added a comment -

          Tested using Project based security in global configuration. I added two users (fordm and test1). I created a promotion job and assigned fordm as the only approver and then logged in as test1 and test1 was able to execute the promotion. At this point, it is not working as expected, but maybe I configured it incorrectly.

          Matthew Ford added a comment - Tested using Project based security in global configuration. I added two users (fordm and test1). I created a promotion job and assigned fordm as the only approver and then logged in as test1 and test1 was able to execute the promotion. At this point, it is not working as expected, but maybe I configured it incorrectly.

          Peter Hayes added a comment -

          Are you using the Force Promotion button or the approve button? If on the Jenkins System management page you have granted PROMOTE to all users, everyone can still click the Force Promotion button. You need to disable that permission (or give it to people who should be able to force promotions regardless of if the promotion conditions are met).

          You should only see the approve button if you are logged in as a user that has been configured as a manual approver for that promotion.

          Peter Hayes added a comment - Are you using the Force Promotion button or the approve button? If on the Jenkins System management page you have granted PROMOTE to all users, everyone can still click the Force Promotion button. You need to disable that permission (or give it to people who should be able to force promotions regardless of if the promotion conditions are met). You should only see the approve button if you are logged in as a user that has been configured as a manual approver for that promotion.

          Peter Hayes added a comment -

          Did you have a chance to try this? I made some more improvements around the UI as well as support approval groups instead of just individual users.

          Peter Hayes added a comment - Did you have a chance to try this? I made some more improvements around the UI as well as support approval groups instead of just individual users.

          Hi, sorry to intrude, but I tested the new version and have two observations:
          1- Jenkins is giving me two options of "If the build is a release build" when I checked "Promote builds when ..."
          2 - I dont know if I got it right, but this version should allow the authorization of promote through roles? Because I tried and didn't work.

          Thanks,
          Bruno

          Bruno Henrique da Silva added a comment - Hi, sorry to intrude, but I tested the new version and have two observations: 1- Jenkins is giving me two options of "If the build is a release build" when I checked "Promote builds when ..." 2 - I dont know if I got it right, but this version should allow the authorization of promote through roles? Because I tried and didn't work. Thanks, Bruno

            petehayes Peter Hayes
            ford30066 Matthew Ford
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: