Issue
-
When managing user permissions, a user might set a permission wrong and lose access when using their main administrator account. Regaining access can be done in a few steps.
-
global security needs to be changed, unable to login as administrator
Environment
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
-
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
-
CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
Resolution
There are two methods you could follow to restore access:
-
Restore a backup of your previous security realm settings from before you changed it
-
Disable security entirely so you can re-configure your security realm
The preferred option is option 1, since you will be restoring your previous authentication settings. Option 2 which disables security entirely is dangerous if your instance is accessible to anyone else. The reason it is dangerous is because anyone who can access the controller when security is disabled can access all information on that controller, including secret credentials and all of your jobs. The second option should only be used when you isolate network access to the controller during the timeframe when security is disabled.
Option 1
For option 1, which is restoring a backup of your previous security realm settings:
-
Stop the service.
-
Restore the
JENKINS_HOME/config.xml
from the backup you took immediately before you changed the security realm. We recommmend you do adiff
of the current content ofJENKINS_HOME/config.xml
and the version from the backup before you replace it, to ensure you understand what you are reverting. -
Start the service.
Option 2
For option 2, which is disabling security entirely so you can re-configure your security realm:
-
Stop Jenkins
-
Edit the config.xml file in the
JENKINS_HOME
folder and locate this line:`<useSecurity>true</useSecurity>`
Set the value to
false
-
Start Jenkins
-
If you don’t know your
admin
password when usingJenkins’ own user database
for yourSecurity Realm
, go toJENKINS_URL/user/admin/configure
to set the newadmin
password. -
Now go to
Manage Jenkins
->Configure Global Security
and choose yourSecurity Realm
andAuthorization
settings to re-enable security.