On Wed, Apr 24, 2019 at 7:17 PM Daniel Beck <m...@beckweb.net> wrote: > What is the correct behavior for authorization realms here? Should Overall/* > permissions be inherited by all ACLs?
It should not really matter since any code even calling `hasPermission` / `checkPermission` against a permission using `PermissionScope.JENKINS` on something other than `Jenkins.instance` is a bug. Ideally we could enforce `PermissionScope`s at runtime to catch mistakes like that. (There are some weird cases, some of which I have tried to fix in the past, if you look up my PRs: `RUN` and `ITEM` sometimes get confused, and `COMPUTER` is confusingly applied either to `Computer` or `Node`.) -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr0RGEoRpt-ZC9_XV2n9FUaFhD1kMZRdBneNpccJYY4rdw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.