The performance of this plugin is being improved as a part of Google Summer of Code 2019. Help us understand how you use this plugin through our Gitter chat.
Plugin Information |
---|
View Role-based Authorization Strategy on the plugin site for more information. |
Older versions of this plugin may not be safe to use. Please review the following warnings before using an older version:
About this plugin
This plugin adds a new role-based strategy to ease and fasten users management.
See the plugin documentation on GitHub: https://github.com/jenkinsci/role-strategy-plugin/blob/master/README.md
Version history
Version 2.11 and newer versions
See the changelog here
Version 2.10 (Feb 11, 2019)
- Jenkins 2.60.3 is now the minimal requirement of the plugin
- JENKINS-44472 - "Manage roles" table now supports preview of jobs matching the regular expression
- PR #45 - REST API: getRole now also returns SID assignments
- JENKINS-55804, JENKINS-55803 - Improve performance of the plugin on instances with many roles
- JENKINS-49102 - "Manage roles" page now displays patterns in quotes to properly visualize whitespace patterns
- JENKINS-45942 - REST API: Throw error when a non-existent permission is added in the addRole call
- JENKINS-54900 - REST API: Prevent concurrency issues when permissions are checked in parallel with REST API calls
Internal changes:
- JENKINS-55916 - RoleWalker iterator now can be aborted by the handler
- JENKINS-55933 - First version of the Role Strategy performance testing instance
Version 2.9.0 (Aug 27, 2018)
- PR #42 - Add REST API for retrieving particular roles
- Example: curl -XGET 'http://localhost:8080/jenkins/role-strategy/strategy/getRole?type=globalRoles&roleName=admin'
Version 2.8.2 (Aug 07, 2018)
- PR #41 - getAllRoles REST API call was not closing output writer properly, and responses were missing in some cases
- PR #40 - Prevent NullPointerException when getAllRoles REST API is called for non-existent role type
Version 2.8.1 (May 25, 2018)
- PR #39 - Prevent NullPointerException when adding role to an empty type from REST API
Version 2.8.0 (May 16, 2018)
- PR #37 - getAllRoles method now allows retrieving Job and Agent roles
- Example: curl -X GET localhost:8080/role-strategy/strategy/getAllRoles?type=globalRoles ("projectRoles" or "slaveRoles")
- Example: curl -X GET localhost:8080/role-strategy/strategy/getAllRoles?type=globalRoles ("projectRoles" or "slaveRoles")
Version 2.7.0 (Feb 06, 2018)
- PR #36 - Improve API to provide integration with Configuration As Code Plugin
Version 2.6.1 (Oct 04, 2017)
- JENKINS-47265 - The plugin does not require extra dangerous permission enabler flags to be set with Matrix Authorization Strategy Plugin 1.5+
- PR #33 - Improve diagnostics of invalid cases when Roles get created with null permissions
Version 2.6.0 (Aug 28, 2017)
- PR #30 - Add REST API endpoints to get and unassign roles
- Examples:
- Unassign role: curl -X POST localhost:8080/role-strategy/strategy/unassignRole --data "type=globalRoles&roleName=AMD&sid=username"
- List roles: curl -X GET localhost:8080/role-strategy/strategy/getAllRoles
- Examples:
- Update Jenkins core minimal requirement to 1.625.3
Version 2.5.1 (July 10, 2017)
Version 2.5.0 (Jun 02, 2017)
- JENKINS-37178 - Add REST API, which allows managing roles and assignments
- Examples:
- Add Role: curl -X POST localhost:8080/role-strategy/strategy/addRole --data "type=globalRoles&roleName=ADM&permissionIds=hudson.model.Item.Discover,hudson.model.Item.ExtendedRead&overwrite=true"
- Remove Role(s): curl -X POST localhost:8080/role-strategy/strategy/removeRoles --data "type=globalRoles&roleNames=ADMIN,DEV"
- Assign Role: curl -X POST localhost:8080/role-strategy/strategy/assignRole --data "type=globalRoles&roleName=ADMIN&sid=username"
- Delete SID from all roles: curl -X POST localhost:8080/role-strategy/strategy/deleteSid --data "type=globalRoles&sid=username"
- Parameters:
- Type: globalRoles, projectRoles, slaveRoles
- Type: globalRoles, projectRoles, slaveRoles
- Examples:
- JENKINS-18377 - Improve speed of fetching roles by permission
- JENKINS-43058 - Stop mentioning "slaves" in the plugin UI and Javadoc
Version 2.4.0 (Apr 10, 2017)
This change is a part of the Security release in Jenkins.
- SECURITY-410 - Prohibit dangerous permissions by default
- Permissions like "Jenkins.RUN_SCRIPTS" cannot be granted to non-admin users by default
- After the upgrade to 2.4.0, such dangerous permission configurations will be disabled and reported in the Administrative Monitor
- "org.jenkinsci.plugins.rolestrategy.permissions.DangerousPermissionHandlingMode.enableDangerousPermissions" system property can be used to allow these dangerous permissions (not recommended)
- See the referenced issue for more info
- Fixed escaping of descriptions in the Role Strategy Macros list (JENKINS-38230)
Version 2.3.2 (06/13/2016)
- Performance: Disable user authorities resolution in permission checks by default (JENKINS-35515)
- It has been done due to the reported performance degradation in 2.3.0
- The 2.3.0 behavior can be restored by the org.jenkinsci.plugins.rolestrategy.Settings.treatUserAuthoritiesAsRoles system property
- If you enable it, the performance can be also tweaked by org.jenkinsci.plugins.rolestrategy.Settings.userDetailsCacheMaxSize and org.jenkinsci.plugins.rolestrategy.Settings.userDetailsCacheExpircationTimeSec
- Authorities resolution: Catch Runtime Exceptions from underlying Security Realms. Prevents Jenkins DoS in such case (JENKINS-35652)
- Generalize the help message for role patterns (JENKINS-35250)
2.3.1 is skipped due to the typo in the property name
Version 2.3.0 (06/07/2016)
- Threat user authorities as roles (https://github.com/jenkinsci/role-strategy-plugin/pull/13)
- Escape all form entry fields by default (prevent unintentional HTML injection by admins)
- Migration to the new Jenkins plugin parent POM
- Fixes of minor issues discovered by FindBugs
WARNING!
There are performance regressions reported to this version. Upgrade only after testing
Version 2.2.0 (06/29/2014)
- Support of Create Job permissions since jenkins-1.566 (JENKINS-19934)
- The permission requires the specific item name validation strategy, which should be selected in Jenkins global configuration
- Fixed help links in manage-roles pages (JENKINS-15030)
- Slave permissions: Allow assignment of permissions, which don't belong to "Slave" group (JENKINS-18978)
Version 2.1.0 (07/20/2013)
- Added support of individual permission assignments for slave nodes (JENKINS-18748)
- Added support of Macro roles (JENKINS-18700)
Version 1.1.3 (07/10/2013)
- Prevented exceptions in case of missing roles (JENKINS-18648)
- Prevented exceptions in case of deleted Permissions
- Support of folders plugin (JENKINS-17482)
- Upgraded to Jenkins 1.424
Version 1.1.2 (10/14/2011)
- Implemented JENKINS-9325: Permissions contributed by plugins can now be managed at the project roles level
- Upgraded to Jenkins 1.409
Version 1.1.1 (09/19/2011)
- Fixed JENKINS-8058: "<" and ">" characters were not supported in regular expression patterns
Version 1.1 (06/08/2011)
- SCM permissions (e.g. Tag) can now be handled at the project roles level
- Improved UI to handle large installations:
- Deletion buttons are now also displayed on the left of each table
- When having table with more than 20 entries, a footer is now added which repeats header
- It is now possible to edit already defined patterns by double-clicking on them in the Project roles table
- Fixed some typos
- Fixed some image display issues
Version 1.0 (09/20/2010)
- Initial release
Save
Attachments:
role-strategy-05.png (image/png)
role-strategy-04.png (image/png)
role-strategy-01.png (image/png)
role-strategy-02.png (image/png)
role-strategy-03.png (image/png)
catalinalog.txt (text/plain)
roles.jpg (image/jpeg)
user-role.jpg (image/jpeg)
defaultview.jpg (image/jpeg)
111.png (image/png)
role.png (image/png)
assign.png (image/png)
Screen Shot 2013-08-29 at 17.18.24.png (image/png)
Screen Shot 2013-11-25 at 22.51.29.png (image/png)
Screen Shot 2014-10-11 at 10.28.34 AM.png (image/png)
Screen Shot 2014-10-11 at 10.30.35 AM.png (image/png)
Screen Shot 2014-10-11 at 10.31.45 AM.png (image/png)
Global_Security.png (image/png)
Roles.png (image/png)
manage-global-credentials-role.png (image/png)
manage-global-credentials-role.png (image/png)
image2018-8-5 18:5:4.png (image/png)
image2018-8-5 18:5:58.png (image/png)
aa.png (image/png)
bb.png (image/png)
role-strategy-04.png (image/png)
role-strategy-01.png (image/png)
role-strategy-02.png (image/png)
role-strategy-03.png (image/png)
catalinalog.txt (text/plain)
roles.jpg (image/jpeg)
user-role.jpg (image/jpeg)
defaultview.jpg (image/jpeg)
111.png (image/png)
role.png (image/png)
assign.png (image/png)
Screen Shot 2013-08-29 at 17.18.24.png (image/png)
Screen Shot 2013-11-25 at 22.51.29.png (image/png)
Screen Shot 2014-10-11 at 10.28.34 AM.png (image/png)
Screen Shot 2014-10-11 at 10.30.35 AM.png (image/png)
Screen Shot 2014-10-11 at 10.31.45 AM.png (image/png)
Global_Security.png (image/png)
Roles.png (image/png)
manage-global-credentials-role.png (image/png)
manage-global-credentials-role.png (image/png)
image2018-8-5 18:5:4.png (image/png)
image2018-8-5 18:5:58.png (image/png)
aa.png (image/png)
bb.png (image/png)