Reputation: 125
Jenkins Role Based Authorization Strategy Plugin Inconsistent behavior for different users
Current State: I have implemented project based roles strategy (also called the item roles) and have the appropriate project folder level regex etc set up. And I have verified the regexes and other permissions work fine for most logged in users, except the below scenarios I am running into.
- Plugin Version: 3.2
- Jenkins Version: 2.263.4
- Jenkins Authentication Provider: LDAP Connecting to Active Directory
- Example regex(es): for project role dev =
^ABC\-DEF\/DEV\/.*
Issue: Certain users are only having issues while going through the project role based authorization plugin where they are not able to see the option to run builds or job configurations. While the same configurations work for a couple of other user who have the same permissions.
Example:
Users - adm-XXXX and adm-YYYY and a few more all starting with the prefix of adm- are not able to get the roles for the configure and run builds on the jobs based on the above regex.
While Users - adm-zzzz and others are able to get the same roles using the same permission matrix.
The issue is very inconsistent as some days it would work, and even the same configurations when I tested in another Jenkins instance it worked for the user - adm-XXXX so I am at a loss on how to debug why it does not work for a few users consistently. I can understand if it is a configuration issue it should not work for all users having the same role.
Are there any tips on enabling some extra debug to troubleshoot this since there are literally a couple of loggers in the code of the plugin.
Appreciate the help here from any one knowledegable.
Upvotes: 0
Views: 4293
Answers (1)
Reputation: 1
I have same issue, where associating an LDAP/AD user to a local global role or item/project role with build and configure permissions enabled does not enable this permission in the project itself. The option to build and configure is not available.
The only way I got around this was to add the users into AD groups and associating the AD Group to a role with required permissions.
Enabling the exact same permissions on the AD group role that I had on the local role, enabled the build and configure option in the projects.
I am not sure if this is a bug, an AD integration issue that you cannot mix/match local and AD roles or I am missing some option or if anyone has managed to get around this anomoly - but this workaournd seems to overcome this.
Upvotes: 0
Related Questions
- After updating plugin role strategy plugin, jenkins is not working
- Jenkins plugin 'role-based strategy' doesn't load up
- Manage Jenkins users roles using external database
- Jenkins role strategy plugin and restrict user to build if not in proper group -- Jenkins file
- Jenkins - How to set authorization on project basis
- Jenkins role based authentication - user is missing overall/read permissions
- After installing Jenkins Role Strategy Plugin - all logins fail
- Jenkins pipeline job gets triggered as anonymous but not as an user/Admin
- Jenkins Run as Specific User not working
- Jenkins API: User.hasPermission always returns true