Jenkins Ambiguous Permission

Question

After updating Jenkins, it is sending a warning for ambiguous permission for project base permission. I can migrate the entry to user or group manually, was wondering if there's an automate or batch way to do so?

Warning Messages

Some permission assignments are ambiguous. It is recommended to update affected configurations to be unambiguous. See this overview page for a list of affected configurations.

This table contains rows with ambiguous entries. This means that they apply to both users and groups of the specified name. If the current security realm does not distinguish between user names and group names unambiguously, and if users can either choose their own user name or create new groups, this configuration may allow them to obtain greater permissions. It is recommended that all ambiguous entries are replaced with ones that are either explicitly a user or group.

Answer 1

I have deleted old entries and added them again, warning disappeared.

Answer 2

There should be a button next to flagged ambiguous rows (on the right side of the permissions matrix) allowing you to quickly select whether that row is a user or a group. That was the fastest way I found so far

Answer 3

You may fix it in config.xml files directly using GNU sed/find. Go to $JENKINS_HOME (usually /var/lib/jenkins) and run this command:

find config.xml jobs/ -name config.xml -exec sed -i '/USER:\|GROUP:/! s/<permission>/<permission>USER:/' '{}' \;

It will change the global config first (the global permissions) and then each of your jobs' config files, making each permission the USER type (if it isn't already typed). Then go to the Manage Jenkins menu and hit the "Reload Configuration from Disk" button (or just stop the jenkins service before running find/sed).