Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-24767

Role-based Authorization Strategy not working with sub-folders

    Details

    • Similar Issues:

      Description

      Using the folder structure below, trying to give a user access to ONLY the contents of FolderA. I'd expect

      .*FolderA.*

      to do that.

      To Reproduce:
      Create this folder structure:
      Folder1/
      Folder1/FolderA/
      Folder1/FolderA/JobA
      Folder1/FolderB/
      Folder1/FolderB/JobB
      Folder1/Job1

      Try these search expressions:

       -> ".*Folder1.*" Works
       -> ".*FolderA.*" Does NOT work
       -> ".*JobA.*" Does NOT work
       -> ".*FolderB.*" Does NOT work
       -> ".*JobB.*" Does NOT work
       -> ".*Job1.*" Does NOT work
      

        Attachments

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          I am closing it as "Not a defect" though the plugin documentation would benefit from more examples

          Show
          oleg_nenashev Oleg Nenashev added a comment - I am closing it as "Not a defect" though the plugin documentation would benefit from more examples
          Hide
          akrysko Alexander Krysko added a comment -

          I'm using Jenkins 2.134 with Role-based Authorization Strategy ver. 2.8.1 + Folders Plugin of ver. 6.5.1.
          Structure of Jenkins projects with sub-folder structure:
          Platform1/Project1/Job-1 .. Job-n
          Platform2/Project2/Job-1 .. Job-n
          Platform3/Project3/Job-1 .. Job-n
           
          I'm struggling with granting Build/Configure access to an Active Directory group only for Platform1/Project1/Job-1 .. Job-n
          without exposing read access to 
          Platform2/Project2/Job-1 .. Job-n and others?
           
          So that when user from AD group logs into Jenkins he see only the project he was given access to.
           
          When I remove Overall read access in Global Role for group 'users' which assigned to AD - users do not see what's matched by regexp under Project Roles.
           
          I'm using the following regular expressions to grant read/edit permissions:
          Platform1/Project1/.*
          Platform2/Project2/.***
          Platform3/Project3/.***
           
          Platform and Project are case sensitive.

          Show
          akrysko Alexander Krysko added a comment - I'm using Jenkins 2.134 with Role-based Authorization Strategy ver. 2.8.1 + Folders Plugin of ver. 6.5.1. Structure of Jenkins projects with sub-folder structure: Platform1/Project1/Job-1 .. Job-n Platform2/Project2/Job-1 .. Job-n Platform3/Project3/Job-1 .. Job-n   I'm struggling with granting Build/Configure access to an Active Directory group only for  Platform1/Project1/Job-1 .. Job-n without exposing read access to  Platform2/Project2/Job-1 .. Job-n and others?   So that when user from AD group logs into Jenkins he see only the project he was given access to.   When I remove Overall read access in Global Role for group 'users' which assigned to AD - users do not see what's matched by regexp under Project Roles.   I'm using the following regular expressions to grant read/edit permissions: Platform1/Project1/. * Platform2/Project2/. *** Platform3/Project3/. ***   Platform and Project are case sensitive.
          Hide
          danielbeck Daniel Beck added a comment -

          The second comment on this issue explains what you need to do.

          Show
          danielbeck Daniel Beck added a comment - The second comment on this issue explains what you need to do.
          Hide
          akrysko Alexander Krysko added a comment -

          Daniel Beck, after several tries I got what I needed, thank you.

          Show
          akrysko Alexander Krysko added a comment - Daniel Beck , after several tries I got what I needed, thank you.
          Hide
          raulsalinasmonteagudo Raúl Salinas-Monteagudo added a comment -

          It also cost me a while to find out how to make job folders work.  Documentation should be improved.

          It works nicely with: FOLDERNAME(/.*)? 

          Which means: the folder name alone, and anything starting by the folder name followed a slash.

          Show
          raulsalinasmonteagudo Raúl Salinas-Monteagudo added a comment - It also cost me a while to find out how to make job folders work.  Documentation should be improved. It works nicely with:  FOLDERNAME(/.*)?  Which means: the folder name alone, and anything starting by the folder name followed a slash.

            People

            • Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              bobtheshrew Eric Anker
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: