How do i remove specific permissions for a user in Jenkins using groovy script?

somali · June 15, 2022, 6:52am

Hi all,

I am able to provide a user specific permissions in jenkins using the below script
import hudson.security.*
import jenkins.security.*
import jenkins.model.Jenkins
import hudson.model.User
def inst = Jenkins.getInstanceOrNull()
def strategy = inst.getAuthorizationStrategy()
strategy.add(Jenkins.ADMINISTER, “user_id”)
inst.save()

Is it possible to do the reverse i.e. remove permissions using groovy script? Can anyone help me with the script?

poddingue · June 15, 2022, 7:55am

Hello,

Could that help in any way?
Taken from StackOverflow:

The Permission class has an attribute called enabled with associated getters and setters. You can add a permission by setting permission.enabled = true and to remove the permission you should explicitly set permission.enabled = false

The default value for permission.enabled may be different depending on what version of Jenkins you are running. It is best to explicitly set this value either way

import hudson.model.*
import Jenkins.*
import hudson.security.Permission
import hudson.security.GlobalMatrixAuthorizationStrategy

def userId = "gfarkas"
def userPermissionList = [hudson.model.Item.CONFIGURE]

Hudson instance = Jenkins.get()
GlobalMatrixAuthorizationStrategy authStrategy = Jenkins.instance.getAuthorizationStrategy()

// Removing each permission from list
userPermissionList.each { permission ->
    permission.enabled = false
    authStrategy.add(permission, userId)
    instance.setAuthorizationStrategy(authStrategy)
}

instance.save()

This intended to be ran in the Jenkin’s Script Console

Before running the above script the user had the following permission

And after running this script the user had the following permission

If I rerun the script with permission.enabled = true the user has the following permission

somali · June 15, 2022, 9:10am

Hi Bruno,

Thanks for your reply. I had tried this piece of code. What this piece of code does is remove that entire permission class for all the users in that Jenkins instance. What i am looking for is to remove only one specific permission for one user.

woodywei · June 20, 2022, 9:41am

@somali
I post the newest comment on that post.
use this instead.
https://javadoc.jenkins.io/plugin/matrix-auth/org/jenkinsci/plugins/matrixauth/AuthorizationContainer.html#getGrantedPermissionEntries--

poddingue · June 20, 2022, 2:36pm

Hi Somali,

Isn’t the permission change only linked to the user referenced by userId?
Thanks.

Topic		Replies	Views
How to provide an user overall admin access using groovy script? Using Jenkins	4	1390	May 10, 2022
How to provide user permissions for "Lockable Resources" using groovy script in Jenkins Using Jenkins	1	681	June 6, 2022
How to give user access for parameters in Jenkins basused on user role in Role-based Authorization Strategy plugin Ask a question question	3	1266	October 26, 2023
Delete user from Jenkins Instance using API or CURL request Ask a question	1	1317	January 2, 2022
Disable Jenkins CLI Using Jenkins	6	1119	February 21, 2024

How do i remove specific permissions for a user in Jenkins using groovy script?

Related topics