[JIRA] (JENKINS-59568) Users can use system credentials although they don't have permission

[pablo.gomezjimenez@dhl.com (JIRA)]

Pablo Gomez created an issue

Jenkins / JENKINS-59568 Users can use system credentials although they don't have permission Issue Type: Bug Assignee: Unassigned Components: credentials-plugin Created: 2019-09-28 09:18 Environment: Jenkins 2.164.3 Credentials plugin 2.1.18 Priority: Critical Reporter: Pablo Gomez Hi, we have our Jenkins configured with  Project-based Matrix Authorization Strategy. I recently removed for normal users all Credentials permissions because I don't want them to be able to use the system credentials store. I want them to use the folder credentials store instead. Now users cannot see the credentials option in the main menu, only inside their folders. However, when they need to add some credential to their jobs (i.e. in SCM configuration), they still can select the credentials in the system store. My expectation is that they can only select the credentials in the folder store. Add Comment

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)