Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-36047

Read users do not have permission to view Snippet Generator and Step Reference

    Details

    • Similar Issues:

      Description

      In JENKINS-31831, the snippet generator and the API reference docs were moved out of the configuration view, and to their own separate links on the project.

      This was good, as they could be accessed without going into the configuration of the project.

      But it seems these new links are only available to users with access to change the configuration of the project.

      In our environment, we are using the Multi-Branch plugin to scan our repo and setup projects. The developers of those projects would like to be able to read the docs, and use the snippet generator.

      But I do not want to give them access to configure the project – I just want them to be able to read the docs. Because of the current restrictions via permissions to be able to reach these links, it seems they can not read the docs nor use the snippet generator without being given project configuration authority.

      I could see the snippet generator containing some sensitive info (though it still would not be able to change the build) – but definitely see no reason that the api docs should not be available to any user with read access to the project.

        Attachments

          Activity

          Hide
          stradenko C added a comment -

          Jesse Glickv
          hudson.model.Item.ExtendedRead is what I gave in config.xml, not Item.VIEW_CONFIGURATION. Not sure if it's just a terminology thing, but the source was definitely checking for hudson.model.Item.ExtendedRead

          Show
          stradenko C added a comment - Jesse Glick v hudson.model.Item.ExtendedRead is what I gave in config.xml, not Item.VIEW_CONFIGURATION. Not sure if it's just a terminology thing, but the source was definitely checking for hudson.model.Item.ExtendedRead
          Hide
          jglick Jesse Glick added a comment -

          Indeed to use Snippet Generator you need to have Item.VIEW_CONFIGURATION permission.

          Show
          jglick Jesse Glick added a comment - Indeed to use Snippet Generator you need to have Item.VIEW_CONFIGURATION permission.
          Hide
          stradenko C added a comment - - edited

          I've Validated that granting the ExtendedRead permission grants the access needed to view the snippet generator without having additional access to modify the job configuration (although, they can view job config).

          Show
          stradenko C added a comment - - edited I've Validated that granting the ExtendedRead permission grants the access needed to view the snippet generator without having additional access to modify the job configuration (although, they can view job config).
          Hide
          stradenko C added a comment -

          Looking through the Snippetizer source, it looks like https://wiki.jenkins-ci.org/display/JENKINS/Extended+Read+Permission+Plugin may be the solution. I'll be testing it this week.

          Show
          stradenko C added a comment - Looking through the Snippetizer source, it looks like https://wiki.jenkins-ci.org/display/JENKINS/Extended+Read+Permission+Plugin may be the solution. I'll be testing it this week.
          Hide
          dpd_30 Daniel Daugherty added a comment -

          Have the same issue. One work around is to use project based matrix auth strategy. Create a "doc sample" project (type pipeline) and give more rights just to that project. They can view and mess around in that project. This is the work around that I setup for us.

          Show
          dpd_30 Daniel Daugherty added a comment - Have the same issue. One work around is to use project based matrix auth strategy. Create a "doc sample" project (type pipeline) and give more rights just to that project. They can view and mess around in that project. This is the work around that I setup for us.

            People

            • Assignee:
              jglick Jesse Glick
              Reporter:
              gregcovertsmith Greg Smith
            • Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: