Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20475

Add option to skip security checks for System users

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Security checks for SYSTEM are useless for most cases. They should be disabled by default .

      BTW, The option may be useful for some cases, so the plugin should provide a configuration option to retain backward compatibility

        Attachments

          Issue Links

            Activity

            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            A fix in plugin for old core versions

            Show
            oleg_nenashev Oleg Nenashev added a comment - A fix in plugin for old core versions
            Hide
            totoroliu Rick Liu added a comment -

            Hi Oleg,

            I'm not sure if this is related since this ticket is really long time ago.
            My environment is:
            Ubuntu 14.04
            OpenJDK8u111
            Jenkins v2.32.1 LTS
            Role-based Authorization Strategy v2.3.2

            Currently, I have:
            6 x 500GB SSD RAID-5
            3 Global roles (Job_veiwers, admin, anonymous)
            116 Project roles
            0 slave roles
            436 users
            2077 jobs

            2 days ago,
            I just added 800+ jobs through Multi-branch configuration.
            (adding only the jobs, role configurations remains the same)

            Before adding the 800+ jobs,
            the WebUI response was ok (acceptable).
            Every click (open job, open job configuration) response within 3~5 seconds.

            After adding the 800+ jobs,
            now the web UI response super slow (takes about 30 seconds to open a new page).

            After some investigation,
            I found if the user is in ADMIN role,
            then the response is slow,
            and if the same user is removed from ADMIN role,
            then the response is back to normal.

            I also created a custom role but using the wildcard * to match all the jobs (to pretend admin permissions).
            Then the result is the same that the response is really slow.
            Now,
            I don't know how to debug more.

            What's the best way to resolve this?

            Show
            totoroliu Rick Liu added a comment - Hi Oleg, I'm not sure if this is related since this ticket is really long time ago. My environment is: Ubuntu 14.04 OpenJDK8u111 Jenkins v2.32.1 LTS Role-based Authorization Strategy v2.3.2 Currently, I have: 6 x 500GB SSD RAID-5 3 Global roles (Job_veiwers, admin, anonymous) 116 Project roles 0 slave roles 436 users 2077 jobs 2 days ago, I just added 800+ jobs through Multi-branch configuration. (adding only the jobs, role configurations remains the same) Before adding the 800+ jobs, the WebUI response was ok (acceptable). Every click (open job, open job configuration) response within 3~5 seconds. After adding the 800+ jobs, now the web UI response super slow (takes about 30 seconds to open a new page). After some investigation, I found if the user is in ADMIN role, then the response is slow, and if the same user is removed from ADMIN role, then the response is back to normal. I also created a custom role but using the wildcard * to match all the jobs (to pretend admin permissions). Then the result is the same that the response is really slow. Now, I don't know how to debug more. What's the best way to resolve this?
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Rick Liu kinda "as designed" if you have 800 jobs on the top level without folders. ADMINs are not a SYSTEM user, hence this case is not applicable. Rather see issues like JENKINS-18377

            Show
            oleg_nenashev Oleg Nenashev added a comment - Rick Liu kinda "as designed" if you have 800 jobs on the top level without folders. ADMINs are not a SYSTEM user, hence this case is not applicable. Rather see issues like JENKINS-18377
            Hide
            jglick Jesse Glick added a comment -

            Unnecessary givenĀ JENKINS-20474.

            Show
            jglick Jesse Glick added a comment - Unnecessary givenĀ  JENKINS-20474 .

              People

              • Assignee:
                Unassigned
                Reporter:
                oleg_nenashev Oleg Nenashev
              • Votes:
                2 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: