[JIRA] [role-strategy-plugin] (JENKINS-24767) Role-based Authorization Strategy not working with sub-folders

[orenault@gmail.com (JIRA)]

Olivier Renault commented on JENKINS-24767

Re: Role-based Authorization Strategy not working with sub-folders Hi, I've got the same need: restrict acces to the nested Folders. But, if I apply the same, 2 roles : 1 role for the root folder (Folder1), 1 role for the nested Folder (FolderA), I have the following: I can access to the Folder1/FolderA/JobA: I can build it but I can also access to the Folder1/FolderB/JobB: I can't build it => Due to the first role "Folder1View with RegEx: "Folder1" and Job/Read ticked", all nested folders in Folder1 inherits the READ right. => so it is possible to read the content of all nested folders (aka FolderB) and all its content (JobB). => if we apply a 3rd role like "Folder1FolderB with RegEx: "Folder1/FolderB.*" and nothing ticked", then this not delete the READ rights on this FolderB. So it appears impossible to restrein the access to nested folders as we have to put at least a READ right to the root folder, then this READ right inherits to all nested folders and jobs, even the ones we don't want to give a READ right. So, do I have to create an issue on this point ? Or is it possible to really "give a user access to ONLY the contents of FolderA" without giving READ access to other folders ? Regards Olivier Add Comment

This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev reopened an issue

Jenkins / JENKINS-24767

Role-based Authorization Strategy not working with sub-folders

Change By: Oleg Nenashev Resolution: Not A Defect Status: Closed Reopened

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev commented on JENKINS-24767

Re: Role-based Authorization Strategy not working with sub-folders Reopened the issue in order to troubleshoot the report from Olivier Renault

Add Comment

[a.krysko@astoundcommerce.com (JIRA)]

Alexander Krysko reopened an issue

I'm using Jenkins 2.134 with Role-based Authorization Strategy ver. 2.8.1 + Folders Plugin of ver. 6.5.1. Structure of Jenkins projects with sub-folder structure: Platform1/Project1/Job-1 .. Job-n Platform2/Project2/Job-1 .. Job-n Platform3/Project3/Job-1 .. Job-n   I'm struggling with granting Build/Configure access to an Active Directory group only for Platform1/Project1/Job-1 .. Job-n without exposing read access to  Platform2/Project2/Job-1 .. Job-n and others?   So that when user from AD group logs into Jenkins he see only the project he was given access to.   When I remove Overall read access in Global Role for group 'users' which assigned to AD - users do not see what's matched by regexp under Project Roles.   I'm using the following regular expressions to grant read/edit permissions: Platform1/Project1/.* Platform2/Project2/.*** Platform3/Project3/.***   Platform and Project are case sensitive.

Jenkins / JENKINS-24767

Role-based Authorization Strategy not working with sub-folders

Change By: Alexander Krysko Resolution: Not A Defect Status: Resolved Reopened

Add Comment

This message was sent by Atlassian JIRA (v7.10.1#710002-sha1:6efc396)

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-24767

Re: Role-based Authorization Strategy not working with sub-folders The second comment on this issue explains what you need to do.

Add Comment

[a.krysko@astoundcommerce.com (JIRA)]

Alexander Krysko commented on JENKINS-24767

Re: Role-based Authorization Strategy not working with sub-folders

Second comment is not very specific. In plugin configuration there are Global and Project roles. So should there be Overall Read checkbox in a Global role should there be Job Read checkbox in a Global role May I ask someone who succeeded in described configuration to attach screenshots?

Add Comment

[a.krysko@astoundcommerce.com (JIRA)]

Alexander Krysko updated an issue

Jenkins / JENKINS-24767

Role-based Authorization Strategy not working with sub-folders

Change By: Alexander Krysko Comment:

Second comment is not very specific. In plugin configuration there are Global and Project roles. So

* should there be Overall Read checkbox in a Global role * should there be Job Read checkbox in a Global role

May I ask someone who succeeded in described configuration to attach screenshots?

Add Comment

[a.krysko@astoundcommerce.com (JIRA)]

Alexander Krysko commented on JENKINS-24767

Re: Role-based Authorization Strategy not working with sub-folders Daniel Beck, after several tries I got what I needed, thank you.

Add Comment

[o.v.nenashev@gmail.com (JIRA)]

Oleg Nenashev updated JENKINS-24767

Jenkins / JENKINS-24767

Role-based Authorization Strategy not working with sub-folders

Change By: Oleg Nenashev Status: Reopened Fixed but Unreleased Resolution: Not A Defect

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[rausalinas@gmail.com (JIRA)]

Raúl Salinas-Monteagudo commented on JENKINS-24767

Re: Role-based Authorization Strategy not working with sub-folders It also cost me a while to find out how to make job folders work.  Documentation should be improved. It works nicely with: FOLDERNAME(/.*)?  Which means: the folder name alone, and anything starting by the folder name followed a slash.

Add Comment

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

[ankurja@gmail.com (JIRA)]

Ankur commented on JENKINS-24767

Re: Role-based Authorization Strategy not working with sub-folders

Is there a way I can give access to child folder directly without specifically giving access to Parent folder ? I have following structure: FolderA -> FolderB -> FolderC -> jobs It works fine if I give specific read permissions to Folder A first, then another role for giving read access to Folder B and then another role giving read access to Folder C, which means four roles to get access to jobs. Role 1 -> ^FolderA Role 2 -> ^FolderA/FolderB Role 3 -> ^FolderA/FolderB/FolderC Role 4 -> ^FolderA/FolderB/FolderC/.* Can the number of roles be reduced somehow by defining a pattern which can give direct access to Folder C , which internally would mean access granted to Folder A and B ?

Add Comment