-
Bug
-
Resolution: Not A Defect
-
Minor
-
None
-
Jenkins 2.19.2
Matrix Authorization Strategy Plugin 1.4
Icon Shim Plugin 2.0.3 (required by Matrix Authorization Strategy Plugin)
We are using the "Project-based Matrix Authorization Strategy" option under "Authorization" for configuring global security. In this matrix, Anonymous has the following perms:
- Overall
- Read
- Credentials
- View
- Job
- ExtendedRead
- Read
- View
- Read
We are using LDAP for user access and folders for project grouping. We have "Enable project-based security" enabled at the folder level for the project.
The non-admin user has the following perms at the project folder level (Anonymous has no perms set here):
- Job
- Build
- Cancel
- Configure
- Create
- Delete
- Move
The job they are trying to copy in to the project level folder lives in a different folder. That folder does not have "Enable project-based security" enabled. This job does have two password parameters that are masked using the "Password Parameter" object.
I do not know when this functionality broke. In the past, these settings were sufficient to allow the non-admin user to copy a job from one folder to their folder with no issues. Now we are getting the error message:
Access Denied May not copy wifi/devops/templates/dev_branch_template_wifi as it contains secrets and wifivsphere has Job/ExtendedRead but not /Configure