  1. Jenkins
  2. JENKINS-14750

Unprivileged view permissions for monitoring

      Description

      I would like my users with universal read permissions to be able to get to /monitoring, perhaps with the GC link removed or inactivated.

      Alternately, it would be great if there were a "view monitoring" checkbox in the permissions grid

      Or... a "configure monitoring" section in the global config to allow me to twiddle access perms

            Activity

            evernat evernat added a comment - - edited

            I currently do not know well how to do this.
            Could you help with a pull request for this? I can merge it in the plugin.

            The source is there:
            https://github.com/jenkinsci/monitoring-plugin

            Currently the ADMINISTER permission is checked in a servlet filter:
            https://github.com/jenkinsci/monitoring-plugin/blob/master/src/main/java/org/jvnet/hudson/plugins/monitoring/HudsonMonitoringFilter.java

            ganncamp G. Ann Campbell added a comment -

            I'm happy to put this on my list, but I've got a backlog at the moment, so it could take a while!

            kasaihiroyoshi hiroyoshi kasai added a comment -

            It would be nice if all or specific users could view not only the performance monitor but also all or selected global management views.

            This idea is close to JENKINS-3677.

            • Some non-administrative users may help with global configuration.
            • Administrator candidates can learn with it.
            • Administrators of Jenkins instances can share configuration tips and know-how easily.
            samxiao Sam Xiao added a comment -

            +1 for this feature

            melcirtain Melissa Cirtain added a comment -

            +1

            stephan Stephan Austermühle added a comment -

            +1

            Just received the request from one of our dev team members to view monitoring data, which surprisingly isn't possible without admin permissions.

            oleg_nenashev Oleg Nenashev added a comment -

            -1 for the Unprivileged access as a Jenkins Security team member. It is not only about gc() invocation. Operations like HeapDump collection may actually expose sensitive information. Thread termination by users may also cause significant damage. Etc.

            The thing which could be done is a special permission (e.g. "Computer.VIEW_MONITORING" implied by "Jenkins.ADMINISTER") with an appropriate disclaimer in the documentation.
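
A sketch of the split proposed in the comment above, as an added example that is not part of the thread or of the monitoring plugin's code: a dedicated view permission implied by ADMINISTER gates the read-only reports, while any request that carries an operation (GC, heap dump, thread termination) stays admin-only. The toy permission model, the `action` parameter and all class and method names are assumptions for illustration and do not use the Jenkins API.

```java
import java.util.EnumSet;
import java.util.Set;

public class MonitoringGate {
    // Toy permission model (assumption, not the Jenkins API): a permission is
    // held when it, or any permission that implies it, has been granted.
    enum Permission {
        ADMINISTER(null),
        READ(ADMINISTER),
        VIEW_MONITORING(ADMINISTER); // implied by ADMINISTER only, never by READ

        final Permission impliedBy;
        Permission(Permission impliedBy) { this.impliedBy = impliedBy; }
    }

    static boolean has(Set<Permission> granted, Permission wanted) {
        for (Permission p = wanted; p != null; p = p.impliedBy) {
            if (granted.contains(p)) return true;
        }
        return false;
    }

    // Status a filter in front of /monitoring would return. "action" is a
    // hypothetical request parameter naming an operation such as a GC run,
    // a heap dump or a thread termination; null means a read-only report.
    static int decide(Set<Permission> granted, String action) {
        if (action != null) {
            // Deny by default: every operation, known or not, stays admin-only.
            return has(granted, Permission.ADMINISTER) ? 200 : 403;
        }
        return has(granted, Permission.VIEW_MONITORING) ? 200 : 403;
    }

    public static void main(String[] args) {
        Set<Permission> reader = EnumSet.of(Permission.READ);
        Set<Permission> viewer = EnumSet.of(Permission.READ, Permission.VIEW_MONITORING);
        Set<Permission> admin = EnumSet.of(Permission.ADMINISTER);

        System.out.println("reader, report:    " + decide(reader, null));
        System.out.println("viewer, report:    " + decide(viewer, null));
        System.out.println("viewer, heap dump: " + decide(viewer, "heap_dump"));
        System.out.println("viewer, gc:        " + decide(viewer, "gc"));
        System.out.println("admin, heap dump:  " + decide(admin, "heap_dump"));
    }
}
```

Keying the admin check on the presence of any operation, rather than on a list of known dangerous ones, means an operation added later is not exposed to view-only users by omission.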

            belfast77 Belfast 77 added a comment -

            +1


              People

              • Assignee: Unassigned
              • Reporter: ganncamp G. Ann Campbell
              • Votes: 10
              • Watchers: 16
