-
Bug
-
Resolution: Duplicate
-
Critical
-
None
What happens:
Enable Project-based Matrix Authorization Strategy in Configure Global Security
Assign one user (Alice) to be able to Administer in Overall.
Assign a second user (Bob) to be able to Create and Build and Configure in Jobs.
Log in as Bob (normal user).
Create a new job. Configure the job to 'Enable project-based security.'
Check the box for 'Block inheritance of global authorization matrix'.
In the matrix, add Bob as a user, and give them full permissions (check every matrix box).
Save the job, copy the URL.
Log out as Bob (normal user).
Log in as Alice (administrator user).
Try to load copied URL of Bob's job.
Search for Bob's job.
Administrator user can't see any information about this job. It is completely hidden from view.
What should happen:
Administrator users should be able to examine any job that is created.
Workaround:
If the Administrator is able to log into the jenkins box itself, they can see the job folder in the jenkins directory, and that directory can be monitored for changes, but this is very inconvenient and potentially unsafe, as you can also configure where the job is saved.
- duplicates
-
JENKINS-24878 Implement super-users ACL so this users can access a job even if "allow a job to not inherit from global ACL" is set to true
- Resolved
- links to