Can anyone help on how to set global level permission in a way that a user upon given permission to reset his Jenkins password should not be able to reset others password. The current scenario is, in Jenkins, in Global Security, Project based Matrix Authentication Strategy is selected and under credentials when i enable update and view, user can reset other users password as well but i want all users to be restricted to reset others password here.
Can you show us what you mean? Cause nobody should be able to touch other peoples passwords
credentials would be the credentials system, not passwords for user accounts
It sounds like you gave people administrative permissions. Global admins can do everything, and you can’t subtract permissions from someone marked as admin, you have to take away admin and give them permissions.
Admins can.
Every user can change their own (Jenkins user database) password.
Yea that’s why I said my last paragraph where I figured everyone had admin.
here we use SAML and we add the group that’s the ‘Authenticated Users’ in the Configure Global Security enabling only the required minimal permissions (overall: Read, Credentials: Create, Agent: Build, Configure, Connect, Create, Disconnect, Job: Create, View: Configure, Create, Read) and not the admin permissions. In case if a users want to reset their jenkins password we as a admin will need to enable the view and update options under credentials. If enabled only this 2 options the user will be able to reset others password as well. Wonder what can be done where the user can reset his own password only with no need to reach out to the admin for the password reset.
here we use SAML and we add the group that’s the ‘Authenticated Users’ in the Configure Global Security enabling only the required minimal permissions (overall: Read, Credentials: Create, Agent: Build, Configure, Connect, Create, Disconnect, Job: Create, View: Configure, Create, Read) and not the admin permissions. In case if a users want to reset their jenkins password we as a admin will need to enable the view and update options under credentials. If enabled only this 2 options the user will be able to reset others password as well. Wonder what can be done where the user can reset his own password only with no need to reach out to the admin for the password reset.
could you suggest the possible way out to make this changes…
What exactly do you mean when you write “Jenkins password”? I see it generally refer to the password used to log into Jenkins when you use the Jenkins user database, which isn’t the case here.
Credentials stored in Jenkins used to authenticate against other services aren’t subject to fine-grained (individual) access control. You can store them in specific folders rather than at the global level to limit who has access to them by configuring permissions for the folder. They’ll only be available to jobs within that folder though.