On Thursday, October 18, 2018 at 2:13:00 PM UTC-5, Jesse Glick wrote:
>
> Is that actually true? I would bet you could define something like
> this as a regular `@Extension`. There should not be anything running
> as non-`SYSTEM` prior to extensions loading, I would think.
>
I tried doing that
On Thu, Oct 18, 2018 at 3:24 PM Matt Sicker wrote:
> Other than how it's loaded, any other thoughts?
Well, see if you can solve some of the historical messes that are
linked to from that ticket.
In general I think we need some more coherent policy for managing
fine-grained permissions. There
In that case, I could try it as an extension point first. Other than how
it's loaded, any other thoughts?
On Thu, Oct 18, 2018 at 2:12 PM Jesse Glick wrote:
> On Thu, Oct 18, 2018 at 3:06 PM Matt Sicker wrote:
> > permissions are a rather low level concern and need to be available as
> soon as
On Thu, Oct 18, 2018 at 3:06 PM Matt Sicker wrote:
> permissions are a rather low level concern and need to be available as soon
> as possible
Is that actually true? I would bet you could define something like
this as a regular `@Extension`. There should not be anything running
as non-`SYSTEM`
I've been investigating what it would take to fix the permissions hierarchy
where RUN_SCRIPTS should logically be above ADMINISTER. I've been pointed
to a potential problem with any permission migration:
https://issues.jenkins-ci.org/browse/JENKINS-17200
Since permissions are a rather low level