Change By: Stephen Dharma (21/Mar/14 9:50 AM)

Description:
Currently when using Jenkins with "Subversion Plugin" and "Role Strategy Plugin", the Administrator does not seem to have any control on how to manage "Subversion Credentials" privileges for multiple teams.

*Prerequisites:*
- Jenkins Credentials Plugin installed.
- Jenkins Subversion Plugin installed.
- Jenkins Role Strategy Plugin installed.
- Access Control - Security Realm: "Jenkins’ own user database".
- Access Control - Authorization: "Role-Based Strategy".
- Role "admin" (Global Privileges: all).
- Role "Team-A-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View, Job-Create)(Project Privileges, Pattern TeamA.*: Credentials-Create, Credentials-View, Job-all, Run-all). (see screenshot: https://issues.jenkins-ci.org/secure/attachment/25586/JENKINS-22289_ManageAndAssignRoles.png)
- Role "Team-B-Administrators" (Global Privileges: Overall-Read, Credentials-Create, Credentials-View, Job-Create)(Project Privileges, Pattern "TeamB.*": Credentials-Create, Credentials-View, Job-all, Run-all).
- Jenkins Root Administrator User Account (e.g. "administrator") with Role "admin" (All Privileges).
- Team-A Administrator User Account (e.g. "adminteama") with Role "Team-A-Administrators".
- Team-B Administrator User Account (e.g. "adminteamb") with Role "Team-B-Administrators".
- Subversion repository used by Team-A (e.g. "svn.mycompany.com/project-a"), with SVN User Account "svnusera".
- Subversion repository used by Team-B (e.g. "svn.mycompany.com/project-b"), with SVN User Account "svnuserb".

*Steps to reproduce issue:*
1. Login as Team-A Administrator ("adminteama").
2. Create "New Job" with Job Name "TeamA-Project-1", type "Build a free-style software project".
3. In the Project Configuration page, select "Subversion" as the Source Code Management.
4. Input Repository URL "svn.mycompany.com/project-a".
5. Add Credentials,
   - Kind: Username with password
   - Scope: Global
   - Username: svnusera
   - Password: ******** (assume correct password used)
   - Description: TeamA-SVN-User
6. Select the newly created Credentials "TeamA-SVN-User" (see screenshot: https://issues.jenkins-ci.org/secure/thumbnail/25587/_thumb_25587.png).
7. Save Job.
8. Logout.
9. Login as Team-B Administrator ("adminteamb").
10. Create "New Job" with Job Name "TeamB-Project-1", type "Build a free-style software project".
11. In the Project Configuration page, select "Subversion" as the Source Code Management.
12. Input Repository URL "svn.mycompany.com/project-b". Review existing Credentials list.

*Actual Behavior:*
Credentials "TeamA-SVN-User" (belonging to Team A) can be viewed and used by Team B, allowing the Source Repository of Team A to be accessed by Team B without providing the SCM password.
(see screenshot: https://issues.jenkins-ci.org/secure/thumbnail/25588/_thumb_25588.png)

*Expected (improved) Behavior:*
The ability for the Jenkins Root Administrator to provide private Credentials to a specific Group/Team, e.g. Credentials created by Team A should be accessible only to members of Team A.