Jenkins : Role Strategy Plugin

The performance of this plugin is being improved as a part of Google Summer of Code 2019. Help us understand how you use this plugin through our Gitter chat.
Adds a new role-based strategy to manage users' permissions.

Plugin Information

View Role-based Authorization Strategy on the plugin site for more information.

About this plugin

This plugin adds a new role-based strategy to ease and fasten users management.

See the plugin documentation on GitHub:

Version history

Version 2.11 and newer versions

See the changelog here

Version 2.10 (Feb 11, 2019)

  • (info) Jenkins 2.60.3 is now the minimal requirement of the plugin
  • (plus) JENKINS-44472 - "Manage roles" table now supports preview of jobs matching the regular expression 
  • (plus) PR #45 - REST API: getRole now also returns SID assignments
  • (info) JENKINS-55804,  JENKINS-55803 - Improve performance of the plugin on instances with many roles
  • (info) JENKINS-49102 - "Manage roles" page now displays patterns in quotes to properly visualize whitespace patterns
  • (info) JENKINS-45942 - REST API: Throw error when a non-existent permission is added in the addRole call
  • (error) JENKINS-54900 - REST API: Prevent concurrency issues when permissions are checked in parallel with REST API calls

Internal changes:

  • (plus) JENKINS-55916 - RoleWalker iterator now can be aborted by the handler
  • (plus) JENKINS-55933 - First version of the Role Strategy performance testing instance

Version 2.9.0 (Aug 27, 2018)

  • (plus) PR #42 - Add REST API for retrieving particular roles
    • Example: curl -XGET 'http://localhost:8080/jenkins/role-strategy/strategy/getRole?type=globalRoles&roleName=admin'

Version 2.8.2 (Aug 07, 2018)

  • (error) PR #41 - getAllRoles REST API call was not closing output writer properly, and responses were missing in some cases
  • (error) PR #40 - Prevent NullPointerException when getAllRoles REST API is called for non-existent role type

Version 2.8.1 (May 25, 2018)

  • (error) PR #39 - Prevent NullPointerException when adding role to an empty type from REST API

Version 2.8.0 (May 16, 2018)

  • (plus) PR #37 - getAllRoles method now allows retrieving Job and Agent roles
    • Example: curl -X GET localhost:8080/role-strategy/strategy/getAllRoles?type=globalRoles ("projectRoles" or "slaveRoles")

Version 2.7.0 (Feb 06, 2018)

Version 2.6.1 (Oct 04, 2017)

Version 2.6.0 (Aug 28, 2017)

  • (plus) PR #30 - Add REST API endpoints to get and unassign roles
    • Examples:
      • Unassign role: curl -X POST localhost:8080/role-strategy/strategy/unassignRole --data "type=globalRoles&roleName=AMD&sid=username"
      • List roles: curl -X GET localhost:8080/role-strategy/strategy/getAllRoles
  • (info) Update Jenkins core minimal requirement to 1.625.3

Version 2.5.1 (July 10, 2017)

Version 2.5.0 (Jun 02, 2017)

Version 2.4.0 (Apr 10, 2017)

This change is a part of the Security release in Jenkins.

  • (error) SECURITY-410 - Prohibit dangerous permissions by default
    • Permissions like "Jenkins.RUN_SCRIPTS" cannot be granted to non-admin users by default
    • After the upgrade to 2.4.0, such dangerous permission configurations will be disabled and reported in the Administrative Monitor
    • "org.jenkinsci.plugins.rolestrategy.permissions.DangerousPermissionHandlingMode.enableDangerousPermissions" system property can be used to allow these dangerous permissions (not recommended)
    • See the referenced issue for more info
  • (error) Fixed escaping of descriptions in the Role Strategy Macros list (JENKINS-38230)


After the update the dangerous permissions will be disabled, hence some Jenkins instances may require reconfiguration if they rely on dangerous configurations (e.g. RUN_SCRIPTS without ADMINISTER)

Version 2.3.2 (06/13/2016)

  • (error) Performance: Disable user authorities resolution in permission checks by default (JENKINS-35515)
    • It has been done due to the reported performance degradation in 2.3.0
    • The 2.3.0 behavior can be restored by the org.jenkinsci.plugins.rolestrategy.Settings.treatUserAuthoritiesAsRoles system property
    • If you enable it, the performance can be also tweaked by org.jenkinsci.plugins.rolestrategy.Settings.userDetailsCacheMaxSize and org.jenkinsci.plugins.rolestrategy.Settings.userDetailsCacheExpircationTimeSec
  • (error) Authorities resolution: Catch Runtime Exceptions from underlying Security Realms. Prevents Jenkins DoS in such case (JENKINS-35652)
  • (info) Generalize the help message for role patterns (JENKINS-35250)

2.3.1 is skipped due to the typo in the property name

Version 2.3.0 (06/07/2016)


There are performance regressions reported to this version. Upgrade only after testing

Version 2.2.0 (06/29/2014)

  • (plus) Support of Create Job permissions since jenkins-1.566 (JENKINS-19934)
    • The permission requires the specific item name validation strategy, which should be selected in Jenkins global configuration
  • (error) Fixed help links in manage-roles pages (JENKINS-15030)
  • (info) Slave permissions: Allow assignment of permissions, which don't belong to "Slave" group (JENKINS-18978)

Version 2.1.0 (07/20/2013)

Version 1.1.3 (07/10/2013)

  • Prevented exceptions in case of missing roles (JENKINS-18648)
  • Prevented exceptions in case of deleted Permissions
  • Support of folders plugin (JENKINS-17482)
  • Upgraded to Jenkins 1.424

Version 1.1.2 (10/14/2011)

  • Implemented JENKINS-9325: Permissions contributed by plugins can now be managed at the project roles level
  • Upgraded to Jenkins 1.409

Version 1.1.1 (09/19/2011)

  • Fixed JENKINS-8058: "<" and ">" characters were not supported in regular expression patterns

Version 1.1 (06/08/2011)

  • SCM permissions (e.g. Tag) can now be handled at the project roles level
  • Improved UI to handle large installations:
    • Deletion buttons are now also displayed on the left of each table
    • When having table with more than 20 entries, a footer is now added which repeats header
    • It is now possible to edit already defined patterns by double-clicking on them in the Project roles table
  • Fixed some typos
  • Fixed some image display issues

Version 1.0 (09/20/2010)

  • Initial release