0

users' entitlements consolidated list, why so difficult?

from audit standpoint, we have to remove users from time to time.

it is a known issue/bug that it is not possible to remove users in cloudbees jenkins because if there is a git history, the user will not be deleted but recreated.

on a different note, removal should still go through and any entitlements across all jobs/folders should be removed but it doesn't work that way. The entitlements are not removed when doDelete api is done, inclusive of GUI.

We have to keep an inventory of all user entitlements of user and run submitRemoveMember api call for all such entitlements. 

Why can't this be easy where we can glimpse all user entitlements like in other platform like GitHub enterprise.

 

1 comment

  • 0
    Avatar
    Ryan Campbell

    If your goal is to prevent them the user from accessing Jenkins, you just need to disable their login via ldap or whatever authentication mechanism you are using.

    Correspondingly, if you want to keep their login active, but remove access to Jenkins, you should use CloudBees Role Based Access Control which allows you to grant access to groups, such as an LDAP group. In this manner, you could remove them from a given LDAP group and consequently remove their Jenkins access.

    We'd love to hear how this experience could be improved. Please send your ideas to our Feedback system at https://cloudbees.com/feedback.

Please sign in to leave a comment.