|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
My apologies. I've completely missed that Github OAuth plugin doesn't just do authentication, but also authorization.
In that case, it seems that it's simply missing a way to assign permissions fine-grained in Jenkins. What it absolutely cannot do (given the APIs and assuming reasonable effort) is to allow access to URL regexes, as that's not how Jenkins (or rather Stapler) works internally.
This seems to be a design limitation in the plugin (note that I've never used it, just read some docs!): From its description, it seems to assign permissions to Jenkins based on characteristics of the account on Github (e.g. org membership), rather than setting just a list of granted authorities (similar to group memberships in other user directories) and allow use of arbitrary authorization strategies – then you'd be able to use Role Strategy Plugin or the Matrix Auth Plugin. Given that many plugins now are introducing additional permissions, this design limitation seems to become worse over time.
I'll leave this open and on the github-oauth component, as any solution should probably be introduced there.