[JIRA] (JENKINS-58139) User cannot access his job inside the folder when global "authenticated user" does not have read permission

[parsa.vali@gmail.com (JIRA)]

parsa vali created an issue

Jenkins / JENKINS-58139 User cannot access his job inside the folder when global "authenticated user" does not have read permission Issue Type: Bug Assignee: Daniel Beck Components: matrix-auth-plugin Created: 2019-06-21 10:17 Environment: Jenkins version: 2.176.1 Matrix-auth plugin version: 2.4.2 Folders plugin version: 6.9 Priority: Minor Reporter: parsa vali Issue I created two users (user1 and user2) in Jenkins. user1 is Administrator globally. Authenticated user has "job:read" globally. I created a folder and a new "Freestyle project" Inside the folder. In the job configuration I enabled "project-based security" with "Do not inherit permission grants from other ACLs" and I also gave "job:read" permission to "user2". user2 is able to see the job without any problems. By removing "job:read" for authenticated user globally user2 cannot see his job indeed he is configured to read the job and "Do not inherit permission grants from other ACLs" is set on the job-level. Note: testing same scenario by creating a job on the root level works completely. Issue occurs only inside Folders. Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[dbeck@cloudbees.com (JIRA)]

Daniel Beck closed an issue as Not A Defect

The issue description is unclear, but to the best of my understanding the problem here is that user2 does not have Job/Read on the folder containing the job, so the permission granted on the job level is irrelevant. Similar to a file system, you need read permission from the root element all the way to the leaf node to access it.

Jenkins / JENKINS-58139 User cannot access his job inside the folder when global "authenticated user" does not have read permission

Change By: Daniel Beck Status: Open Closed Resolution: Not A Defect

Add Comment