Add more permission descriptions #5534

Open
wants to merge 4 commits into
base: master
Changes from 2 commits
124 changes: 122 additions & 2 deletions content/doc/book/security/access-control/permissions.adoc
Expand Up @@ -5,8 +5,6 @@ layout: documentation
:toc:
:toclevels: 3

// TODO add some more permissions

The following sections describe the access granted to users with (or without) the specified permissions.

== Default Permissions
Expand Down Expand Up @@ -107,6 +105,101 @@ Anything they cannot accomplish through the existing UI they can do through the
An instance on which an untrusted user gained _Overall/Administer_ permission should be considered fully compromised and should be replaced.
All secrets (credentials, etc.) stored on that instance should be rotated or revoked and all artifacts created from that point on should be verified.


=== Agent permissions

==== Agent/Build

This permission allows users to run jobs as them on agents.

Contributor

This is basically useless unless you already know what it does (it's related to https://www.jenkins.io/doc/book/security/build-authorization/ ).


==== Agent/Configure

This permission allows users to configure agents.

==== Agent/Connect

This permission allows users to connect agents or mark agents as online.

This permission is implied by Agent/Disconnect.

==== Agent/Create

This permission allows users to create agents.

Contributor

How sensitive are these permissions? Can this be given to just anyone, or are there security considerations? This doesn't say. (Not that it would inside Jenkins, but I'd expect more from docs that exist. IMO of course.)


==== Agent/Delete

This permission allows users to delete existing agents.

==== Agent/Disconnect

This permission allows users to disconnect agents or mark agents as temporarily offline.

Contributor

Probably makes more sense as a list (e.g. definition list?), given the current lack of details? (Also applies to all other lists at this level.)


=== Job permissions

==== Job/Build

This permission grants the ability to start a new build.

==== Job/Cancel

This permission grants the ability to cancel a scheduled, or abort a running, build.

==== Job/Configure

Change the configuration of a job.

==== Job/Create

Create a new job.

==== Job/Delete

Delete a job.

==== Job/Discover

This permission grants discover access to jobs. Lower than read permissions, it allows you to redirect anonymous users to the login page when they try to access a job url.
Without it they would get a 404 error and wouldn't be able to discover project names.

Contributor

Here an explanation could make sense that this permission only makes sense when anonymous users are granted Overall/Read permission.


This permission is implied by Job/Read.

Contributor

This content is actually generated by Matrix Authorization Plugin 😄


==== Job/Move

Required to move a job from one folder (or Jenkins root) to another.

==== Job/Read

See a job. (You may deny this permission but allow Discover to force an anonymous user to log in to see the job.)

==== Job/Workspace

This permission grants the ability to retrieve the contents of a workspace Jenkins checked out for performing builds.
If you don’t want a user to access files in the workspace (e.g. source code checked out from SCM or intermediate build results) through the workspace browser, you can revoke this permission.

=== Run permissions

==== Run/Delete

This permission allows users to manually delete specific builds from the build history.

==== Run/Update

This permission allows users to update description and other properties of a build, for example to leave notes about the cause of a build failure.

=== View permissions

==== View/Configure
This permission allows users to change the configuration of views.

==== View/Create
This permission allows users to create new views.

==== View/Delete
This permission allows users to delete existing views.

==== View/Read
This permission allows users to see views (implied by generic read access).

Contributor

> implied by generic read

That's a permission that exists but hasn't been shown on the UI pretty much ever, so it's not particularly helpful.


== Optional Permissions

These permissions are not enabled by default.
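
Review bot: In the Job/Discover entry the security trade-off is only implied: the text says that without the permission anonymous users "would get a 404 error and wouldn't be able to discover project names", so granting it lets an unauthenticated visitor tell existing job names from non-existing ones by whether a job URL redirects to the login page. Suggest stating that consequence outright, replacing the vague "Lower than read permissions" with what the holder can and cannot see, and capitalising "URL". The Job section also mixes full sentences ("This permission grants the ability to start a new build.") with fragments ("Create a new job.", "Delete a job."), and the View entries drop the blank line after the heading that the Agent, Job and Run entries use; pick one form for all entries.
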
Expand Down Expand Up @@ -141,6 +234,33 @@ Learn more in jep:223[].
NOTE: This permission was added in Jenkins 2.222.
Some features, especially those provided by plugins, may not yet support this permission.

=== Credentials permissons

Contributor

Should not be placed here as it's not an optional permission as explained in the introductory paragraph.

Also, while Credentials Plugin is as much of a "core" plugin as is possible, what's the threshold for putting plugin docs here?


Following permissions are only enabled if the plugin:credentials[Credentials Plugin] is installed

==== Credentials/Create
The create permission is necessary to add credentials to a credentials provider.

==== Credentials/Delete
The delete permission is necessary to remove credentials stored in a credentials provider.

==== Credentials/ManageDomains
The manage domains permission is necessary to add/remove/configure the credential domains of a credentials provider (where the credentials provider supports multiple credential domains).

==== Credentials/Update

The update permission is necessary to modify credentials in a credentials provider.

==== Credentials/View

The view permission is necessary to view the credentials stored in a credentials provider.

=== Pipleline-related permissions

==== Run/Replay

Ability to perform a new Pipeline build with an edited script. This permission is implied by Job/Configure.
This permission is enabled by plugin:workflow-cps[Pipeline: Groovy].

== Obsolete Permissions
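
Review bot: Two of the added section titles are misspelled: "=== Credentials permissons" should read "permissions" and "=== Pipleline-related permissions" should read "Pipeline-related". With ":toc:" and ":toclevels: 3" set at the top of the file, these titles show up in the table of contents and in the generated section anchors, so they should be fixed before anyone links to the misspelled anchors. The introductory line "Following permissions are only enabled if the plugin:credentials[Credentials Plugin] is installed" also needs a leading "The" and a closing period, and the Credentials/View entry should say whether "view the credentials" covers secret values or only the credential entries, since that decides who can safely hold the permission.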
