jenkins:
authorizationStrategy: unsecured
Administrators may accidentally set up a security realm or authorization strategy in such a way that they are no longer able to administer or even access Jenkins.
When this happens, there are ways to reset the access control configuration to allow anyone to administer Jenkins. The exact steps to do this depend on how you manage the Jenkins configuration. The sections below explain how to disable access control in multiple different ways.
After applying the advice below, Jenkins will be in an entirely unsecured mode after it starts, allowing anyone full access. If you are able to, consider making Jenkins accessible only by you while the configuration is being reset. One way to do this is to make sure that Jenkins is only accessible from the server it is running on.
If Jenkins is run using the built-in Winstone/Jetty container, set the |
config.xml
Use these instructions if your Jenkins configuration is not managed using Configuration as Code plugin or Groovy Init Hooks.
The following steps will delete the configuration for security realm and authorization strategy. Make sure you have a backup, to be able to restore the configuration to as close to the original state (except one where you’re not locked out) as possible. |
Stop Jenkins.
Go to the Jenkins home directory.
Open the file config.xml
in this directory in a text editor.
Make sure you use an editor that supports Unix line breaks.
Look for the <useSecurity>true</useSecurity>
element in this file.
Look for the elements <securityRealm>
and <authorizationStrategy>
and remove them.
Either may span multiple lines, delete everything up to and including </securityRealm>`
and </authorizationStrategy>
, respectively.
Replace true
with false
.
Start Jenkins.
If you configure Jenkins using Configuration as Code Plugin (JCasC), choose this approach.
Locate your JCasC configuration file.
The default location is jenkins.yaml
in the Jenkins home directory, but it can be located in a number of places.
Review the Jenkins Configuration as Code plugin documentation for details.
Once you have located the file:
Modify the authorizationStrategy
directive in the jenkins
setion so that it configures the Anyone can do anything authorization strategy:
jenkins:
authorizationStrategy: unsecured
Restart your Jenkins instance to re-apply the modified configuration.