Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
View Debug Logs security setting
-
Using BuildMaster 4.1.3 (originally noticed in 4.0.7), the View Debug Logs security option doesn't seem to work the way I expect. We have some passwords stored in system variables which we do not want to be visible to all developers. Since those passwords are printed in plain text in the debug log, we took away the "View Debug Logs" permission from the Developer group. On testing, our developers are still able to go to the Execution Details page and click the [log] link to view the detailed log (including the password).
Is this a bug or does that option do something different than I expect? For now we are working around the problem by just taking away the View Execution Details permission, but we would prefer to allow our developers to get to that page but not view the logs.
Product: BuildMaster
Version: 4.1.3
-
Your scenario sounds pretty common and you are correct in your assumption of how it's supposed to work - there must be something strange with the way the permissions are set up. Are there any more specific granted privileges that would override the deny?
Also, what is the exact URL of the page you're attempting to view? There are multiple places where you could possibly view debug logs.
-
The url is just
http://<server>/applications/<appId>/executions/view-log?executionId=<executionId>&buildExecutionPlanActionId=<actionId>.In the Builds section of the Edit Developer Role dialog, the developer has these rights:
- Create Build
- Execute Build
- Manage Build Schedules
- Promote Build
- Re-Execute Build
- Reject Build
- View Artifact
- View Build History
- View Build Overview
- View Execution Details
- View Promotion Details
That leaves Force Build, Override Promotion Status, and View Debug Logs disabled. With that setup (all other groups are at their default values for developers), our developers are able to go to the link above and see build logs. Through the UI, they can also go to the Execution Details for any build execution that has been run and view the logs for each step.
For Manage Privileges, all of our roles are set at the System level, so I don't believe it's a simple case like the developer being marked as an admin for a specific job.
-
The URL above got mangled. It should be http://server/applications/{appId}/executions/view-log?executionId={execId}&buildExecutionPlanActionId={actionId}
-
Do you have any other thoughts on this? I'm seeing the same issue in 4.1.4. Just to be save, I removed View Debug Logs permissions from everyone (even administrators), but all users are still able to view them.
-
Can you send a screenshot to support@inedo.com exhibiting this behavior? In a quick smoke test my debug logs disappear when I remove the task from all the roles.