I am trying to setup a project-based matrix authorization strategy for our Jenkins instance. The current security realm is Jenkins own user database. I want to have two tiers of users; Global Administrators as well as Project Level Users.
Because you must grant a user the overall global read permission in order to view any jobs, in the ACL matrix for each project I have checked the option to ‘Block inheritance of global authorization matrix’ in order to prevent users from viewing jobs which they have not explicitly been assigned a read permission on the project level. This seems to work great for limiting what jobs users are able to see.
Some of these users I want to assign the permissions necessary to configure jobs. As ‘Block inheritance of global authorization matrix’ is checked for each project, I have assigned the configure permission in the global ACL matrix as well as on the project level.
Global Level ACL Matrix
Project Level ACL Matrix
When I attempt to configure the project as the user assigned the configure permission for jobs on the global as well as project level, I receive an error that the user does not have the necessary permissions to configure the project:
What may be going on here? From what I understand this is the intended use of the project-based matrix authorization strategy. Am I misunderstanding how this authorization strategy is used? Thanks in advance for any guidance!