[JIRA] (JENKINS-14750) Unprivileged view permissions for monitoring

1 view
Skip to first unread message

mcirtain@gmail.com (JIRA)

unread,
Aug 2, 2016, 10:14:03 AM8/2/16
to jenkinsc...@googlegroups.com
Melissa Cirtain commented on New Feature JENKINS-14750
 
Re: Unprivileged view permissions for monitoring

+1

Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)
Atlassian logo

s.austermuehle@hse24.de (JIRA)

unread,
Oct 25, 2016, 8:48:03 AM10/25/16
to jenkinsc...@googlegroups.com

+1

Just received the request from one of our dev team members to view monitoring data which surprinsgly isn't possible without admin permissions.

o.v.nenashev@gmail.com (JIRA)

unread,
Mar 24, 2017, 6:10:02 AM3/24/17
to jenkinsc...@googlegroups.com

-1 for the Unprivileged access as a Jenkins Security team member. It is not only about gc() invocation. Operations like HeapDump collection may actually expose sensitive information. Thread termination by users may also cause cause significant damage. Etc.

The thing which could be done is a special permission (e.g. "Computer.VIEW_MONITORING" impled By "Jenkins.ADMINISTER") with appropriate disclaimer in the documentation.

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
Atlassian logo

belfast77@gmail.com (JIRA)

unread,
Dec 18, 2019, 10:41:03 AM12/18/19
to jenkinsc...@googlegroups.com

+1

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages