I hope someone can point out some schoolboy error I'm making here as I'm about to lose my mind.
Any idea why the permissions are vanishing?
To get around this I have to clean out all users and set them up again, but these are again wiped on restart.
Thanks in advance
EDIT
I am using Jenkins own user db and have tried both matrix-based permissions and project based matrix authorisation.
After restart when I try to access an jenkins config page I get the error "t143ahe is missing the Overall/Administer permission"
My config.xml after restart is (Looks like I do have administer according to this):
<?xml version='1.0' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>1.0</version>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:T143AHE</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:T143AHE</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:T143AHE</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:T143AHE</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:T143AHE</permission>
<permission>hudson.model.Computer.Build:T143AHE</permission>
<permission>hudson.model.Computer.Configure:T143AHE</permission>
<permission>hudson.model.Computer.Connect:T143AHE</permission>
<permission>hudson.model.Computer.Create:T143AHE</permission>
<permission>hudson.model.Computer.Delete:T143AHE</permission>
<permission>hudson.model.Computer.Disconnect:T143AHE</permission>
<permission>hudson.model.Hudson.Administer:T143AHE</permission>
<permission>hudson.model.Hudson.ConfigureUpdateCenter:T143AHE</permission>
<permission>hudson.model.Hudson.Read:T143AHE</permission>
<permission>hudson.model.Hudson.Read:anonymous</permission>
<permission>hudson.model.Hudson.RunScripts:T143AHE</permission>
<permission>hudson.model.Hudson.UploadPlugins:T143AHE</permission>
<permission>hudson.model.Item.Build:T143AHE</permission>
<permission>hudson.model.Item.Cancel:T143AHE</permission>
<permission>hudson.model.Item.Configure:T143AHE</permission>
<permission>hudson.model.Item.Create:T143AHE</permission>
<permission>hudson.model.Item.Delete:T143AHE</permission>
<permission>hudson.model.Item.Discover:T143AHE</permission>
<permission>hudson.model.Item.Read:T143AHE</permission>
<permission>hudson.model.Item.Workspace:T143AHE</permission>
<permission>hudson.model.Run.Delete:T143AHE</permission>
<permission>hudson.model.Run.Update:T143AHE</permission>
<permission>hudson.model.View.Configure:T143AHE</permission>
<permission>hudson.model.View.Create:T143AHE</permission>
<permission>hudson.model.View.Delete:T143AHE</permission>
<permission>hudson.model.View.Read:T143AHE</permission>
<permission>hudson.scm.SCM.Tag:T143AHE</permission>
</authorizationStrategy>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
<disableSignup>false</disableSignup>
<enableCaptcha>false</enableCaptcha>
</securityRealm>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${ITEM_ROOTDIR}/workspace</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds/>
<slaves/>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>All</primaryView>
<slaveAgentPort>0</slaveAgentPort>
<label></label>
<nodeProperties/>
<globalNodeProperties/>
</hudson>
My user specific config.xml is:
<user>
<fullName>scribe1010</fullName>
<properties>
<hudson.model.PaneStatusProperties>
<collapsed/>
</hudson.model.PaneStatusProperties>
<jenkins.security.ApiTokenProperty>
<apiToken>lnqauTbOZ0xuAK9qBuh6/UG3RRmzN4mxkiSADlYmQD7jkqN1XswzKmqEOLpvBVsG</apiToken>
</jenkins.security.ApiTokenProperty>
<com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty plugin="[email protected]">
<domainCredentialsMap class="hudson.util.CopyOnWriteMap$Hash"/>
</com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty>
<hudson.model.MyViewsProperty>
<views>
<hudson.model.AllView>
<owner class="hudson.model.MyViewsProperty" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
</hudson.model.MyViewsProperty>
<hudson.search.UserSearchProperty>
<insensitiveSearch>false</insensitiveSearch>
</hudson.search.UserSearchProperty>
<hudson.security.HudsonPrivateSecurityRealm_-Details>
<passwordHash>#jbcrypt:$2a$10$29UCLwZafb8TTSsGvsWYBunY034m1q.Wjgl5JfbCJR83Dcvvs1Dh2</passwordHash>
</hudson.security.HudsonPrivateSecurityRealm_-Details>
<hudson.tasks.Mailer_-UserProperty plugin="[email protected]">
<emailAddress>[email protected]</emailAddress>
</hudson.tasks.Mailer_-UserProperty>
<jenkins.security.LastGrantedAuthoritiesProperty>
<roles>
<string>authenticated</string>
</roles>
<timestamp>1416992003750</timestamp>
</jenkins.security.LastGrantedAuthoritiesProperty>
</properties>
</user>
NOTE: Here the role is listed as 'authenticated' rather than anything like 'administrator' etc... (don't know if this is an issue or not).
EDIT 2 I've upgraded to the latest rpm but no fix.
As suggested by Daniel in the comments, restricting usernames to lowercase (and potentially the extra configuration save) has done the trick and permissions now persist after a restart.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With