That would assuage my concerns significantly.
On Thu, Jan 16, 2020 at 3:43 AM Daniel Beck wrote:
>
>
>
> On Wed, Jan 15, 2020 at 9:00 PM Matt Sicker wrote:
>>>
>>> Plugins that contribute to the settings on the Configure Jenkins page
>>> should carefully consider if allowing a user with
On Wed, Jan 15, 2020 at 9:00 PM Matt Sicker wrote:
> Plugins that contribute to the settings on the Configure Jenkins page
>> should carefully consider if allowing a user with only Jenkins.CONFIGURE
>> could result in an unintended privilege escalation.
>>
>
> To me, this sounds like a fairly
Alright, I have some immediate concerns about the following aspects:
Plugins that contribute to the settings on the Configure Jenkins page
> should carefully consider if allowing a user with only Jenkins.CONFIGURE
> could result in an unintended privilege escalation.
>
To me, this sounds like
I'll be reviewing this JEP from a security perspective over the next couple
days.
On Wed, Jan 15, 2020 at 7:02 AM Oleg Nenashev
wrote:
> Just to bump this discussion, the JEP draft was published as
> https://github.com/jenkinsci/jep/tree/master/jep/223
> Any feedback would be appreciated, there
Just to bump this discussion, the JEP draft was published as
https://github.com/jenkinsci/jep/tree/master/jep/223
Any feedback would be appreciated, there were changes since the last post
in this thread
Best regards,
Oleg Nenashev
On Friday, December 27, 2019 at 8:30:30 PM UTC+1, Michael
As part of this proposal we have been struggling a bit to find the right
"name" to describe this new permission type. Currently, we are thinking
about creating a new Permission Group called Restricted Administer in order
to provide some contextual meaning to the permissions it contains.
I think it would be helpful for the JEP to have a lot more color in
the Motivation section. From the three short paragraphs given there it
is hard to tell what the real use cases for this change are. You are
saying something about a “large enterprise”, but
· Who typically is going to be granted
sorry hit send too soon
> > At the same time just because you can configure the system message does
> not mean that you should be able to install new plugins.
> `CONFIGURE` means a lot more than setting the system message, I hope.
> And if you have this curated update center then what is the
On Monday, November 25, 2019 at 8:43:07 PM UTC, Jesse Glick wrote:
>
> On Mon, Nov 25, 2019 at 2:03 PM James Nord wrote:
> > IMO [installing plugins] should be another Permission
>
> Just seems like permission bloat. I would expect `CONFIGURE` to imply
> the ability to install or update
On Mon, Nov 25, 2019 at 2:03 PM James Nord wrote:
> IMO [installing plugins] should be another Permission
Just seems like permission bloat. I would expect `CONFIGURE` to imply
the ability to install or update (but not downgrade) plugins from the
UC.
> for example if you have a curated locked
> I wonder whether it would make sense to (optionally) allow use of the
> plugin manager. With an admin-configured update site only offering curated
> plugins, it could make sense to allow Configurers to update or install
> plugins themselves. (Basically retaining the legacy distinction
Some update, I created a Jira to use it in PR and code, the draft PR is
ready here https://github.com/jenkinsci/jenkins/pull/4374, tell me if I
should add some label on it.
I also updated the link in the JEP PR, so every link should be up to date
everywhere. The JEP still needs some update, for
On Tue, Nov 19, 2019 at 3:57 AM Michael Cirioli
wrote:
>
> Currently, when using matrix style authorization, an administrator may
> choose to selectively remove the ability for a user to RUN_SCRIPTS,
> UPLOAD_PLUGINS, or CONFIGURE_UPDATECENTER. At first glance, this may seem
> reasonable, but
Sounds perfect, thank you Angelique!
Leaving Amsterdam and headed to Zurich this morning!
On Mon, Nov 25, 2019 at 9:43 AM, Angélique Jard wrote:
> Hello there :)
>
> I will create a draft PR today or tomorrow that integrates some feedback on
> the JEP like the name of the new permission
Hello there :)
I will create a draft PR today or tomorrow that integrates some feedback on
the JEP like the name of the new permission "Jenkins.CONFIGURE", and remove
the code related to deprecation to be more focused in this feature.
I think that I will also create a JIRA to be able to track
On Mon, Nov 18, 2019 at 9:57 PM Michael Cirioli wrote:
> WIP implementation prototype can be found at
> https://github.com/mikecirioli/jenkins/tree/FGP
Would you mind filing this as a draft PR against jenkinsci/jenkins? While
IMHO it should be aligned with the read-only administrator permissions
being implemented by Tim Jacomb.
It does not have to be in the same JEP, but IMHO it is something to
consider taking the timing.
BR, Oleg
On Tuesday, November 19, 2019 at 3:57:29 AM UTC+1, Michael Cirioli wrote:
>
> Dear
Dear Everyone,
Myself (https://github.com/mikecirioli), Angelique Jard
(https://github.com/aHenryJard), and Esther Feijoo
(https://github.com/EstherAF) would like to offer a proposed JEP
(currently, still a draft) focused on creating a more sensible set of
fine-grained permissions for