Due to some maintenance issues, this service has been switched in read-only mode, you can find more information about the why

and how to migrate your plugin documentation in this blogpost

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 59 Current »

The performance of this plugin is being improved as a part of Google Summer of Code 2019. Help us understand how you use this plugin through our Gitter chat.
Adds a new role-based strategy to manage users' permissions.

Plugin Information

View Role-based Authorization Strategy on the plugin site for more information.

Older versions of this plugin may not be safe to use. Please review the following warnings before using an older version:

About this plugin

This plugin adds a new role-based strategy to ease and fasten users management.

See the plugin documentation on GitHub: https://github.com/jenkinsci/role-strategy-plugin/blob/master/README.md

Version history

Version 2.11 and newer versions

See the changelog here

Version 2.10 (Feb 11, 2019)

  • (info) Jenkins 2.60.3 is now the minimal requirement of the plugin
  • (plus) JENKINS-44472 - "Manage roles" table now supports preview of jobs matching the regular expression 
  • (plus) PR #45 - REST API: getRole now also returns SID assignments
  • (info) JENKINS-55804,  JENKINS-55803 - Improve performance of the plugin on instances with many roles
  • (info) JENKINS-49102 - "Manage roles" page now displays patterns in quotes to properly visualize whitespace patterns
  • (info) JENKINS-45942 - REST API: Throw error when a non-existent permission is added in the addRole call
  • (error) JENKINS-54900 - REST API: Prevent concurrency issues when permissions are checked in parallel with REST API calls

Internal changes:

  • (plus) JENKINS-55916 - RoleWalker iterator now can be aborted by the handler
  • (plus) JENKINS-55933 - First version of the Role Strategy performance testing instance

Version 2.9.0 (Aug 27, 2018)

  • (plus) PR #42 - Add REST API for retrieving particular roles
    • Example: curl -XGET 'http://localhost:8080/jenkins/role-strategy/strategy/getRole?type=globalRoles&roleName=admin'

Version 2.8.2 (Aug 07, 2018)

  • (error) PR #41 - getAllRoles REST API call was not closing output writer properly, and responses were missing in some cases
  • (error) PR #40 - Prevent NullPointerException when getAllRoles REST API is called for non-existent role type

Version 2.8.1 (May 25, 2018)

  • (error) PR #39 - Prevent NullPointerException when adding role to an empty type from REST API

Version 2.8.0 (May 16, 2018)

  • (plus) PR #37 - getAllRoles method now allows retrieving Job and Agent roles
    • Example: curl -X GET localhost:8080/role-strategy/strategy/getAllRoles?type=globalRoles ("projectRoles" or "slaveRoles")

Version 2.7.0 (Feb 06, 2018)

Version 2.6.1 (Oct 04, 2017)

Version 2.6.0 (Aug 28, 2017)

  • (plus) PR #30 - Add REST API endpoints to get and unassign roles
    • Examples:
      • Unassign role: curl -X POST localhost:8080/role-strategy/strategy/unassignRole --data "type=globalRoles&roleName=AMD&sid=username"
      • List roles: curl -X GET localhost:8080/role-strategy/strategy/getAllRoles
  • (info) Update Jenkins core minimal requirement to 1.625.3

Version 2.5.1 (July 10, 2017)

Version 2.5.0 (Jun 02, 2017)

Version 2.4.0 (Apr 10, 2017)

This change is a part of the Security release in Jenkins.

  • (error) SECURITY-410 - Prohibit dangerous permissions by default
    • Permissions like "Jenkins.RUN_SCRIPTS" cannot be granted to non-admin users by default
    • After the upgrade to 2.4.0, such dangerous permission configurations will be disabled and reported in the Administrative Monitor
    • "org.jenkinsci.plugins.rolestrategy.permissions.DangerousPermissionHandlingMode.enableDangerousPermissions" system property can be used to allow these dangerous permissions (not recommended)
    • See the referenced issue for more info
  • (error) Fixed escaping of descriptions in the Role Strategy Macros list (JENKINS-38230)


After the update the dangerous permissions will be disabled, hence some Jenkins instances may require reconfiguration if they rely on dangerous configurations (e.g. RUN_SCRIPTS without ADMINISTER)

Version 2.3.2 (06/13/2016)

  • (error) Performance: Disable user authorities resolution in permission checks by default (JENKINS-35515)
    • It has been done due to the reported performance degradation in 2.3.0
    • The 2.3.0 behavior can be restored by the org.jenkinsci.plugins.rolestrategy.Settings.treatUserAuthoritiesAsRoles system property
    • If you enable it, the performance can be also tweaked by org.jenkinsci.plugins.rolestrategy.Settings.userDetailsCacheMaxSize and org.jenkinsci.plugins.rolestrategy.Settings.userDetailsCacheExpircationTimeSec
  • (error) Authorities resolution: Catch Runtime Exceptions from underlying Security Realms. Prevents Jenkins DoS in such case (JENKINS-35652)
  • (info) Generalize the help message for role patterns (JENKINS-35250)

2.3.1 is skipped due to the typo in the property name

Version 2.3.0 (06/07/2016)


There are performance regressions reported to this version. Upgrade only after testing

Version 2.2.0 (06/29/2014)

  • (plus) Support of Create Job permissions since jenkins-1.566 (JENKINS-19934)
    • The permission requires the specific item name validation strategy, which should be selected in Jenkins global configuration
  • (error) Fixed help links in manage-roles pages (JENKINS-15030)
  • (info) Slave permissions: Allow assignment of permissions, which don't belong to "Slave" group (JENKINS-18978)

Version 2.1.0 (07/20/2013)

Version 1.1.3 (07/10/2013)

  • Prevented exceptions in case of missing roles (JENKINS-18648)
  • Prevented exceptions in case of deleted Permissions
  • Support of folders plugin (JENKINS-17482)
  • Upgraded to Jenkins 1.424

Version 1.1.2 (10/14/2011)

  • Implemented JENKINS-9325: Permissions contributed by plugins can now be managed at the project roles level
  • Upgraded to Jenkins 1.409

Version 1.1.1 (09/19/2011)

  • Fixed JENKINS-8058: "<" and ">" characters were not supported in regular expression patterns

Version 1.1 (06/08/2011)

  • SCM permissions (e.g. Tag) can now be handled at the project roles level
  • Improved UI to handle large installations:
    • Deletion buttons are now also displayed on the left of each table
    • When having table with more than 20 entries, a footer is now added which repeats header
    • It is now possible to edit already defined patterns by double-clicking on them in the Project roles table
  • Fixed some typos
  • Fixed some image display issues

Version 1.0 (09/20/2010)

  • Initial release


  • No labels