Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-24767

Role-based Authorization Strategy not working with sub-folders

    Details

    • Similar Issues:

      Description

      Using the folder structure below, trying to give a user access to ONLY the contents of FolderA. I'd expect

      .*FolderA.*

      to do that.

      To Reproduce:
      Create this folder structure:
      Folder1/
      Folder1/FolderA/
      Folder1/FolderA/JobA
      Folder1/FolderB/
      Folder1/FolderB/JobB
      Folder1/Job1

      Try these search expressions:

       -> ".*Folder1.*" Works
       -> ".*FolderA.*" Does NOT work
       -> ".*JobA.*" Does NOT work
       -> ".*FolderB.*" Does NOT work
       -> ".*JobB.*" Does NOT work
       -> ".*Job1.*" Does NOT work
      

        Attachments

          Activity

          Hide
          akrysko Alexander Krysko added a comment -

          I'm using Jenkins 2.134 with Role-based Authorization Strategy ver. 2.8.1 + Folders Plugin of ver. 6.5.1.
          Structure of Jenkins projects with sub-folder structure:
          Platform1/Project1/Job-1 .. Job-n
          Platform2/Project2/Job-1 .. Job-n
          Platform3/Project3/Job-1 .. Job-n
           
          I'm struggling with granting Build/Configure access to an Active Directory group only for Platform1/Project1/Job-1 .. Job-n
          without exposing read access to 
          Platform2/Project2/Job-1 .. Job-n and others?
           
          So that when user from AD group logs into Jenkins he see only the project he was given access to.
           
          When I remove Overall read access in Global Role for group 'users' which assigned to AD - users do not see what's matched by regexp under Project Roles.
           
          I'm using the following regular expressions to grant read/edit permissions:
          Platform1/Project1/.*
          Platform2/Project2/.***
          Platform3/Project3/.***
           
          Platform and Project are case sensitive.

          Show
          akrysko Alexander Krysko added a comment - I'm using Jenkins 2.134 with Role-based Authorization Strategy ver. 2.8.1 + Folders Plugin of ver. 6.5.1. Structure of Jenkins projects with sub-folder structure: Platform1/Project1/Job-1 .. Job-n Platform2/Project2/Job-1 .. Job-n Platform3/Project3/Job-1 .. Job-n   I'm struggling with granting Build/Configure access to an Active Directory group only for  Platform1/Project1/Job-1 .. Job-n without exposing read access to  Platform2/Project2/Job-1 .. Job-n and others?   So that when user from AD group logs into Jenkins he see only the project he was given access to.   When I remove Overall read access in Global Role for group 'users' which assigned to AD - users do not see what's matched by regexp under Project Roles.   I'm using the following regular expressions to grant read/edit permissions: Platform1/Project1/. * Platform2/Project2/. *** Platform3/Project3/. ***   Platform and Project are case sensitive.
          Hide
          danielbeck Daniel Beck added a comment -

          The second comment on this issue explains what you need to do.

          Show
          danielbeck Daniel Beck added a comment - The second comment on this issue explains what you need to do.
          Hide
          akrysko Alexander Krysko added a comment -

          Daniel Beck, after several tries I got what I needed, thank you.

          Show
          akrysko Alexander Krysko added a comment - Daniel Beck , after several tries I got what I needed, thank you.
          Hide
          raulsalinasmonteagudo Raúl Salinas-Monteagudo added a comment -

          It also cost me a while to find out how to make job folders work.  Documentation should be improved.

          It works nicely with: FOLDERNAME(/.*)? 

          Which means: the folder name alone, and anything starting by the folder name followed a slash.

          Show
          raulsalinasmonteagudo Raúl Salinas-Monteagudo added a comment - It also cost me a while to find out how to make job folders work.  Documentation should be improved. It works nicely with:  FOLDERNAME(/.*)?  Which means: the folder name alone, and anything starting by the folder name followed a slash.
          Hide
          ankurja Ankur added a comment -

          Is there a way I can give access to child folder directly without specifically giving access to Parent folder ?

          I have following structure:

          FolderA -> FolderB -> FolderC -> jobs

          It works fine if I give specific read permissions to Folder A first, then another role for giving read access to Folder B and then another role giving read access to Folder C, which means four roles to get access to jobs.

          Role 1 -> ^FolderA

          Role 2 -> ^FolderA/FolderB

          Role 3 -> ^FolderA/FolderB/FolderC

          Role 4 -> ^FolderA/FolderB/FolderC/.*

          Can the number of roles be reduced somehow by defining a pattern which can give direct access to Folder C , which internally would mean access granted to Folder A and B ?

          Show
          ankurja Ankur added a comment - Is there a way I can give access to child folder directly without specifically giving access to Parent folder ? I have following structure: FolderA -> FolderB -> FolderC -> jobs It works fine if I give specific read permissions to Folder A first, then another role for giving read access to Folder B and then another role giving read access to Folder C, which means four roles to get access to jobs. Role 1 -> ^FolderA Role 2 -> ^FolderA/FolderB Role 3 -> ^FolderA/FolderB/FolderC Role 4 -> ^FolderA/FolderB/FolderC/.* Can the number of roles be reduced somehow by defining a pattern which can give direct access to Folder C , which internally would mean access granted to Folder A and B ?

            People

            • Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              bobtheshrew Eric Anker
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: