Add more permission descriptions #5534

Open
wants to merge 4 commits into
base: master
115 changes: 112 additions & 3 deletions content/doc/book/security/access-control/permissions.adoc
Expand Up @@ -5,8 +5,6 @@ layout: documentation
:toc:
:toclevels: 3

// TODO add some more permissions

The following sections describe the access granted to users with (or without) the specified permissions.

== Default Permissions
Expand Down Expand Up @@ -107,6 +105,118 @@ Anything they cannot accomplish through the existing UI they can do through the
An instance on which an untrusted user gained _Overall/Administer_ permission should be considered fully compromised and should be replaced.
All secrets (credentials, etc.) stored on that instance should be rotated or revoked and all artifacts created from that point on should be verified.


=== _Agent_ Permissions

Agent/Build::
This permission allows users to run jobs as them on agents.
Contributor


This is basically useless unless you already know what it does (it's related to https://www.jenkins.io/doc/book/security/build-authorization/ ).

In default setup where all builds run under SYSTEM user this permission is not relevant,
but if link:/doc/book/security/build-authorization/[build authorization] is active this permission defines which users may run jobs on agents.

Agent/Configure::
This permission allows users to configure agents.
Users with this permission can make all jobs run on a computer where they have root access,
gaining access to all information used by the build (content of files, environment variables including credentials).

Agent/Connect::
This permission allows users to connect agents or mark agents as online.
+
This permission is implied by _Agent/Disconnect_.

Agent/Create::
This permission allows users to create agents. Security implications are the same as for _Agent/Configure_.

Agent/Delete::
This permission allows users to delete existing agents.

Agent/Disconnect::
This permission allows users to disconnect agents or mark agents as temporarily offline.

=== _Job_ Permissions

Though these permissions use the word "Job" in their name,
they refer to any items you can create using the _New Item_ menu option (freestyle jobs, folders, pipelines, ...)

Job/Build::
This permission grants the ability to start a new build.

Job/Cancel::
This permission grants the ability to cancel a scheduled, or abort a running, build.

Job/Configure::
Change the configuration of a job.

Job/Create::
Create a new job.

Job/Delete::
Delete a job.

Job/Discover::
This permission grants discover access to jobs.
Lower than read permissions, it allows you to redirect anonymous users to the login page when they try to access a job url.
Without it they would get a 404 error and wouldn't be able to discover project names.
+
This permission is only useful if anonymous users have _Overall/Read_ permission, but not _Job/Read_.
It is implied by _Job/Read_.

Job/Move::
Required to move a job from one folder (or Jenkins root) to another.

Job/Read::
See a job. (You may deny this permission but allow Discover to force an anonymous user to log in to see the job.)

Job/Workspace::
This permission grants the ability to retrieve the contents of a workspace Jenkins checked out for performing builds.
If you don’t want a user to access files in the workspace (e.g. source code checked out from SCM or intermediate build results) through the workspace browser, you can revoke this permission.

=== _Run_ Permissions

Run/Delete::
This permission allows users to manually delete specific builds from the build history.

Run/Update::
This permission allows users to update description and other properties of a build, for example to leave notes about the cause of a build failure.

=== _View_ Permissions

View/Configure::
This permission allows users to change the configuration of views.

View/Create::
This permission allows users to create new views.

View/Delete::
This permission allows users to delete existing views.

View/Read::
This permission allows users to see views (implied by generic read access).
Contributor


> implied by generic read

That's a permission that exists but hasn't been shown on the UI pretty much ever, so it's not particularly helpful.


=== _Credentials_ Permissions

Following permissions are only enabled if the plugin:credentials[Credentials Plugin] is installed

Credentials/Create::
The create permission is necessary to add credentials to a credentials provider.

Credentials/Delete::
The delete permission is necessary to remove credentials stored in a credentials provider.

Credentials/ManageDomains::
The manage domains permission is necessary to add/remove/configure the credential domains of a credentials provider (where the credentials provider supports multiple credential domains).

Credentials/Update::
The update permission is necessary to modify credentials in a credentials provider.

Credentials/View::
The view permission is necessary to view the credentials stored in a credentials provider.

=== Pipeline-related Permissions

Run/Replay::
Ability to perform a new Pipeline build with an edited script. This permission is implied by Job/Configure.
This permission is enabled by plugin:workflow-cps[Pipeline: Groovy].

== Optional Permissions

These permissions are not enabled by default.
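Review bot: Job/Configure is documented only as "Change the configuration of a job.", with no statement of what it exposes, although Agent/Configure in this same hunk spells out its consequences and the Run/Replay entry says that running an edited Pipeline script is implied by Job/Configure. Suggest giving Job/Configure (and Job/Create) a sentence on what a user holding it can reach through a build, in the same style as the Agent/Configure entry. Credentials/View should also say whether "view the credentials" covers the secret values or only the existence of the entries. Style points in the same hunk: Job/Configure, Job/Create, Job/Delete and Job/Read are bare fragments while the Agent, Run and View entries are full "This permission allows users to ..." sentences; "Following permissions are only enabled if ..." is missing "The" and a final period; the Job intro sentence ends without a period; "job url" should be "job URL"; and "Job/Configure" in the Run/Replay entry is not italicized like the other permission references.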
Expand Down Expand Up @@ -141,7 +251,6 @@ Learn more in jep:223[].
NOTE: This permission was added in Jenkins 2.222.
Some features, especially those provided by plugins, may not yet support this permission.


== Obsolete Permissions

The following three permissions are obsolete since Jenkins 2.222: