[JIRA] (JENKINS-38219) Restrict Job.CONFIGURE permissions by plugins
Jesse Glick commented on JENKINS-38219

Re: Restrict Job.CONFIGURE permissions by plugins

Sounds like you need JENKINS-32596 but I am not sure I follow the use case here.

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.

[JIRA] (JENKINS-38219) Restrict Job.CONFIGURE permissions by plugins
ikedam commented on JENKINS-38219

Re: Restrict Job.CONFIGURE permissions by plugins

Macro support in role-strategy-plugin might be helpful for this feature.

[JIRA] (JENKINS-38219) Restrict Job.CONFIGURE permissions by plugins
ikedam created an issue

Jenkins / JENKINS-38219
Restrict Job.CONFIGURE permissions by plugins

Issue Type: New Feature
Assignee: ikedam
Components: authorize-project-plugin, core
Created: 2016/Sep/14 11:11 PM
Priority: Minor
Reporter: ikedam

authorize-project plugin can easily cause security issues like the following situation:

- User A configured a project X to run as user A.
- User B updates the configuration of project B.
- User B can do something with the authentication of user A.

authorize-project avoids this problem by raising an exception when user B tries to configure project A. But this has the following problems:

- Raising an exception isn't the "proper" way to forbid configuration. It might not work in some cases or in a future version of Jenkins.
- Users have to configure the project again from the beginning if it is rejected by authorize-project plugin. It isn't user-friendly.
- There are several ways to configure projects: Web UI, REST WebAPI, CLI. authorize-project has to cover all configuration methods.

I believe the "proper" way to forbid a user to configure a project is to revoke Job.CONFIGURE permission for that project from that user. Then what I need is a mechanism