[JIRA] (JENKINS-38257) Feature to define non-actual user

4 views
Skip to first unread message

devld@ikedam.jp (JIRA)

unread,
Sep 15, 2016, 4:42:01 PM9/15/16
to jenkinsc...@googlegroups.com
ikedam created an issue
 
Jenkins / New Feature JENKINS-38257
Feature to define non-actual user
Issue Type: New Feature New Feature
Assignee: ikedam
Components: authorize-project-plugin, core
Created: 2016/Sep/15 8:41 PM
Priority: Minor Minor
Reporter: ikedam

Authorize-project plugin has difficulties for its usage as it requires actual users to run builds as.
It can easily conflicts with policies of administrators:

  • Administrators might don't want to use an actual user for managing authorizations of builds.
    • E.g. Alice and Bob belongs to a DevOps team. They want to run a project with the authorization of DevOps, but not of Alice or Bob. Because it might cause problems when they quit the job.
    • This can be resolved by defining a non-actual user used only to manage authorizations of builds.
  • Administrator doesn't want to define or can't define non-actual users.
    • It can be the case especialy when they use an external authentication system (such as Active Directory).

This can be resolved by introducing a feature to define non-actual users, just like build-in users such as ANONYMOUS and SYSTEM.

  • They cannot be used to login Jenkins. (They don't have passwords)
  • They have permissions. That is, AuthorizationStrategy should handle them as they handle actual users.

It might be a feature of authorize-project plugin, Jenkins core, or maybe a brand-new plugin.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)
Atlassian logo

Kalle.Niemitalo@procomp.fi (JIRA)

unread,
Jun 11, 2019, 12:04:03 PM6/11/19
to jenkinsc...@googlegroups.com
Kalle Niemitalo commented on New Feature JENKINS-38257
 
Re: Feature to define non-actual user

Jenkins 2.176.1 LTS now includes JENKINS-24513, which warns about builds running as SYSTEM. But virtual users are difficult to define when Jenkins is using SAML Plugin against Microsoft's AD FS.

I wonder if, instead of the "significant changes" in JENKINS-32596, this could be implemented:

  • as a security realm wrapper plugin that lets the admin select an inner security realm for the real users and define some additional virtual users,
  • or as a composite security realm plugin that lets the admin select two or more inner security realms, one of which could then be Jenkins’ own user database.
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

jglick@cloudbees.com (JIRA)

unread,
Jun 11, 2019, 4:10:02 PM6/11/19
to jenkinsc...@googlegroups.com
Jesse Glick resolved as Duplicate
 

a composite security realm

Possibly, but see discussion in JENKINS-15063.
Change By: Jesse Glick
Status: Open Resolved
Resolution: Duplicate
Reply all
Reply to author
Forward
0 new messages