-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
Jenkins 2.263.1
Running on RH7, no container
Using OpenJDK8U-jdk_x64_linux_hotspot_8u275b01.tar.gz
Role-based Authorization Strategy 3.1
Extended Read Permission Plugin 3.2
Matrix Authorization Strategy Plugin 2.6.4
We use "Role-based Authorization Strategy" to configure permissions on our Jenkins.
The permissions for the developers are set by using the "Authenticated" role.
+What happens:
+
- If I set the "Run/Update" permissions for "Authenticated", an authenticated user has the "Keep this build forever"-button on a run of the job.. (Without this permission, the button to set it is missing as expected)
- If the user clicks this button, the run is set to "Keep this build forever" as expected.
- The button disappears (as expected), but no "Don't keep this build forever" button is shown instead.
What I would expect:
- The button"Don't keep this build forever" is shown, so the user can undo the operation, as (s)he could to the operation.
Notes:
- If I give the "Authenticated" user the "Run/Delete" permission in addition, the "Don't keep this build forever" -button is shown.
- But I see this behaviour as not logical. If the user has the right to set the "Keep", (s)he should be able to undo the operation as well.
I don't want to give the normal user the permission to delete runs.
(I'm not sure, if the problem is with the "Role-based Authorization Strategy" plugin or Jenkins core)