Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45417

Role-strategy plugin not documented well-enough to provide solution to my needs.

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The role strategy plugin is not documented well enough to explain to me how to meet my requirements.  I will tell you my requirements, what I've tried, and the results which are not what I want.  Perhaps then you can tell me a solution.

      Basically, I want to have two classes of users (other than the administrators).  One class, let's call them "senior" needs to have read/write/execute permissions throughtout the instance.  Can view every job, in every folder (we use the Cloudbees Folder Plugin), run jobs, configure jobs, modify jobs, delete jobs, anywhere in the instance.  Another class, let's call them "junior" should have read only access throughout the system, and full read/write/execute access but just to one folder in the instance.

      To even let the juniors get into the system, I must give them read access globally.  So then how do I expand their rights to "their" special folder?  I created a "Junior" folder at the top level of the instance.  I added a project based role called "Junior" and gave them full access within their folder.  But whether I define the pattern as

      /Junior, 
      /Junior/*, 
      Junior, or
      Junior/*
      

      the expanded rights within the folder do not take effect.

      So my first question is, what, really, is the syntax of a pattern expression? How do I say "this project and all its subprojects"?

      And the second question is, Can I override the global permission to allow MORE privileges at the project level?

      Another option would be to say that "any authenticated user has read access everywhere". Can I do that?

      Thank you.
       

       

        Attachments

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          The plugin documentation explicitly says you should use regular expressions define role patterns. They are documented here: https://en.wikipedia.org/wiki/Regular_expression . "Junior/" is not a valid regular expression, "Junior/." should be used instead

           

          Show
          oleg_nenashev Oleg Nenashev added a comment - The plugin documentation explicitly says you should use regular expressions define role patterns. They are documented here: https://en.wikipedia.org/wiki/Regular_expression . "Junior/ " is not a valid regular expression, "Junior/. " should be used instead  
          Hide
          sc1478 Steve Cohen added a comment - - edited

          Thanks. But did you mean

          Junior/. 
          

          or

          Junior/.* 
          

          ?
          As I understand regex, the former means "Junior/" plus any single character, whereas the latter means "Junior/" plus any number of characters.

          Also, how is the "authenticated" role that your documentation mentions, applied? If I define this role and say it gives read permission to any authenticated user, could this be a way around my difficulties?

          Show
          sc1478 Steve Cohen added a comment - - edited Thanks. But did you mean Junior/. or Junior/.* ? As I understand regex, the former means "Junior/" plus any single character, whereas the latter means "Junior/" plus any number of characters. Also, how is the "authenticated" role that your documentation mentions, applied? If I define this role and say it gives read permission to any authenticated user, could this be a way around my difficulties?
          Hide
          sc1478 Steve Cohen added a comment -

          In any event, changing the pattern to

          Junior/.*
          

          seems to have solved the issue.

          Show
          sc1478 Steve Cohen added a comment - In any event, changing the pattern to Junior/.* seems to have solved the issue.
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Yes, I didn't notice that JIRA applied formatting to my response. I will add the regex validator to the plugin

          Show
          oleg_nenashev Oleg Nenashev added a comment - Yes, I didn't notice that JIRA applied formatting to my response. I will add the regex validator to the plugin
          Hide
          sc1478 Steve Cohen added a comment -

          Thanks. Yes, this JIRA offers fewer formatting capabilities than others I've seen.

          Show
          sc1478 Steve Cohen added a comment - Thanks. Yes, this JIRA offers fewer formatting capabilities than others I've seen.
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          It is not a defect per se, but improving validation would be nice

          Show
          oleg_nenashev Oleg Nenashev added a comment - It is not a defect per se, but improving validation would be nice
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Unassigning the issue for now. We have added two Role Strategy plugin project ideas to GSoC 2019: https://jenkins.io/projects/gsoc/2019/project-ideas/. If somebody is interested in co-mentoring the ideas (including these tickets), please let us know

          Show
          oleg_nenashev Oleg Nenashev added a comment - Unassigning the issue for now. We have added two Role Strategy plugin project ideas to GSoC 2019: https://jenkins.io/projects/gsoc/2019/project-ideas/ . If somebody is interested in co-mentoring the ideas (including these tickets), please let us know

            People

            • Assignee:
              Unassigned
              Reporter:
              sc1478 Steve Cohen
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: