Change By: Fabrice Daugan (28/Sep/14 7:38 PM)
Summary:
Was: Global authorization matrix should not be ignored
Now: Jenkins's security is not applied for IM user
Description:
Was:
In Global authorization matrix (https://ci.gfi.fr/jenkins/configureSecurity/), the "Authorization" option is "Project-based Matrix Authorization Strategy".
"jenkins-im" user has all authorizations, and is the one I've mapped to "Jenkins Username" parameter of "instant-messaging plugin"
I have a user with all rights in the security matrix. In the tested project, "Enable project-based security" is checked, no authorization is provided and "Block inheritance of global authorization matrix" is unchecked.
This user can do everything from the UI in Jenkins, CLI, REST,..., but nothing with "instant-messaging plugin": Adding this user to the project's security resolves this issue, but I have many users and groups in this situation.
Before the workaround :
(8:41:17 PM) fdaugan: !h
(8:41:17 PM) Jenkins CI: fdaugan: no job found
After explicitly adding the user in the project's security scope :
(8:42:26 PM) fdaugan: !h
(8:42:26 PM) Jenkins CI: health of all projects: Forge: Health [Build stability: 1 out of the last 5 builds failed. (80%), Test Result: 0 tests failing out of a total of 2 tests.(100%): https://xx/jenkins/job/xx/398/

Now:
In Global authorization matrix (https://ci.gfi.fr/jenkins/configureSecurity/), the "Authorization" option is "Project-based Matrix Authorization Strategy":
"jenkins-im" user has all authorizations, and is the one I've mapped to "Jenkins Username" parameter of "instant-messaging plugin"
I have a user with no right at all in Jenkins but allowed to connect to the conference used by "jenkins-im".
This user can send any bot commands and this is really weird. The same is true for a registered jenkins user having only read/view rights. If he can only see builds using the Web/REST/CLI interfaces, this plugin acts like a "sudo".
"Jenkins Username" parameter of "instant-messaging plugin" should be removed or merged with the rights of connected IM user.
The Jenkins user corresponding to the author of the bot command must be used.
Priority:
Was: Major
Now: Critical
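
The "sudo" effect described in this report, as an added example that is not part of the original report and is not the plugin's code: a simplified Python model comparing a bot that runs every command under the configured "Jenkins Username" with one that uses the Jenkins user mapped from the command's author. All names, addresses, commands-to-permission mappings and grants below are constructed assumptions.

```python
# Simplified model; every name, address and grant here is constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class Matrix:
    """Project-based matrix reduced to global grants plus per-job grants."""
    global_grants: dict = field(default_factory=dict)  # user -> set of permissions
    job_grants: dict = field(default_factory=dict)     # job -> {user -> set of permissions}

    def allowed(self, user, job, permission):
        if user is None:                 # unmapped IM sender: no Jenkins identity
            return False
        granted = set(self.global_grants.get(user, ()))
        granted |= self.job_grants.get(job, {}).get(user, set())
        return permission in granted

BOT_ACCOUNT = "jenkins-im"               # the configured "Jenkins Username"
MATRIX = Matrix(
    global_grants={BOT_ACCOUNT: {"read", "build"}, "viewer": {"read"}},
    job_grants={"Forge": {"dev": {"read", "build"}}},
)
IM_TO_JENKINS = {"viewer@chat.example": "viewer", "dev@chat.example": "dev"}
SENDERS = ["guest@chat.example", "viewer@chat.example", "dev@chat.example"]
COMMANDS = {"!h": "read", "!build": "build"}   # bot command -> permission it needs
JOBS = ["Forge"]

def run_as_bot_account(sender, command, job):
    """Reported behaviour: the sender is ignored, the bot account's rights decide."""
    return MATRIX.allowed(BOT_ACCOUNT, job, COMMANDS[command])

def run_as_sender(sender, command, job):
    """Requested behaviour: the command author's own Jenkins rights decide."""
    return MATRIX.allowed(IM_TO_JENKINS.get(sender), job, COMMANDS[command])

def escalations():
    """Every (sender, command, job) the bot account allows but the sender's rights do not."""
    return [(s, c, j) for s in SENDERS for c in COMMANDS for j in JOBS
            if run_as_bot_account(s, c, j) and not run_as_sender(s, c, j)]

if __name__ == "__main__":
    for row in escalations():
        print("escalation:", *row)
```

Each row returned by `escalations()` is a command that succeeds only because the bot account's rights are substituted for the sender's.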
This message is automatically generated by JIRA.
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.