  1. Jenkins
  2. JENKINS-58886

Project base security matrix allows wrong group of users access

      Description

      We have a folder with projects inside which have `project-based security` enabled and the Inheritance Strategy is set to `Inherit from parent`. The folder's permissions are:

      In the screenshot above I've added `myname-noaccess` just to illustrate the group permissions - in reality it is missing in the configuration.

      The problem is that the users from the `myname-noaccess` group, although not configured anywhere, are able to see all of the projects within the folder. While trying to figure out the issue, I noticed that `myname-noaccess` users actually have the same permissions as the `myname` group, and once I removed it, the folder and projects inside stopped appearing for `myname-noaccess`.

      I believe there might be an issue with how the permissions are being detected - most likely there is a wildcard somewhere.

      The temporary fix is to rename the `myname` group to something like `myname-core`.

          Activity

          danielbeck Daniel Beck added a comment -

          Steve Todorov Is this still a problem?

          My best guess is something is weird about the group memberships, and I would have affected users go to the /whoAmI URL to see what groups they're a member of.

          danielbeck Daniel Beck added a comment -

          Closing for now. Steve Todorov Please reopen if this is still a problem, and provide the requested information above.

          (Everyone else: Please file a new issue if you experience something similar.)


            People

            • Assignee:
              Unassigned
              Reporter:
              stodorov Steve Todorov