How do I remove specific Jenkins User permissions form a User using Groovy?
I am able to add a specific Permission to a User using the following common script:
import hudson.model.*
import Jenkins.*
import hudson.security.Permission
import hudson.security.GlobalMatrixAuthorizationStrategy
String userId = "my_user"
List<String> userPermissionList = [hudson.model.Item.CONFIGURE]
Hudson instance = Jenkins.get()
GlobalMatrixAuthorizationStrategy authStrategy = Jenkins.instance.getAuthorizationStrategy()
// Adding each permission from list
userPermissionList.each { permission ->
authStrategy.add(permission, userId)
instance.setAuthorizationStrategy(authStrategy)
}
instance.save()
However, I looked everywhere to find how to remove a specific permission from a user. Looking at GlobalMatrixAuthorizationStrategy, there is a add() method, however no remove() of any sort.
Is this even possible??? (it has to be)
Or do I have add the difference to the user? As in, clear the user of all permissions and add back all but the ones I want to remove.
Solution
The Permission class has an attribute called enabled with associated getters and setters. You can add a permission by setting permission.enabled = true and to remove the permission you should explicitly set permission.enabled = false
The default value for
permission.enabledmay be different depending on what version of Jenkins you are running. It is best to explicitly set this value either way
import hudson.model.*
import Jenkins.*
import hudson.security.Permission
import hudson.security.GlobalMatrixAuthorizationStrategy
def userId = "gnocras"
def userPermissionList = [hudson.model.Item.CONFIGURE]
Hudson instance = Jenkins.get()
GlobalMatrixAuthorizationStrategy authStrategy = Jenkins.instance.getAuthorizationStrategy()
// Removing each permission from list
userPermissionList.each { permission ->
permission.enabled = false
authStrategy.add(permission, userId)
instance.setAuthorizationStrategy(authStrategy)
}
instance.save()
This intended to be ran in the Jenkin's Script Console
Before running the above script the user had the following permission
And after running this script the user had the following permission
If I rerun the script with permission.enabled = true the user has the following permission
- Jenkins: Error connecting to a GIT repository
- ERROR: Error cloning remote repo 'origin'
- Jenkins : [ERROR] actual and formal argument lists differ in length
- How to delete an archived artifact in jenkins?
- Extracting an entire Jenkins stage to a shared library?
- Install Jenkins Plugins with Ansible
- Jenkins not executing jobs (pending - waiting for next executor)
- How to get the BUILD_USER in Jenkins when job triggered by timer?
- Files are not updated after the Jenkins Build success triggered by the GitHub Actions
- Unable to set Jenkins plugin settings by Jenkins Job DSL
- Jenkins & Email Extension Plugin - Sending email with office365 SMTP server, 501 5.5.4 Invalid Domain Name
- Ignore Beta version suggestions in safety check results - Jenkins pipeline
- How to build docker images using a Declarative Jenkinsfile
- Jenkins script cant call DiskSpaceMonitor.getFreeSpace(computer) on SlaveComputer
- How to specify when branch NOT (branch name) in jenkinsfile?
- Invalid mount config for type "bind": bind mount source path does not exist: /home/jenkins/.docker (Istio)
- Jenkins Host key verification failed
- How do I schedule jobs in Jenkins?
- Files are not updated after the Jenkins Build success triggered by the GitHub Actions as expected
- jenkins - how to show the Pipeline Graph View in the build page
- How to enforce the 2nd job session in the waiting list in jenkins job
- which Jenkins plugin is allowing me to include contents of files in my email? it works, but why?
- Jenkins pipeline: Run all steps in stage, even if the first one fails
- Sending email in Jenkins with body from content in file
- Troubleshooting slow Jenkins
- How to stop & exit jenkins from Kubernetes cluster
- How to configure Jenkins to send a notification email when a Slave goes offline?
- Jenkins timeout/abort exception
- Jenkins: 403 No valid crumb was included in the request
- Jenkins symlinks/permalinks broken after restart