Remove ancient history from "Managing Security" section

[StackScribe]

Describe your use-case which is not covered by existing documentation.

The "Managing Security" section has some "transitional" information related to very old releases of Jenkins that are no longer relevant. And the order of the page does not match the order of the items as they appear in the "Configure Global Security" screen. This issue fixes these problems without making substantive changes to the content or addressing some larger structural issues that exist.

Changes to be made:

• Remove the second paragraph, which reads "As of Jenkins 2.0, many of the security options were enabled by default to ensure that Jenkins environments remained secure unless an administrator explicitly disabled certain protections."
• Rename the "Enable Security" header to be "Configuring Security"
• Delete the first two paragraphs after the "Configuring Security" header
• Replace those paragraphs with:
  "Jenkins is installed with some basic security provisions. Users can log in with a username and password in order to perform operations not available to anonymous users. By default, logged-in users have full access to all Jenkins functionality and are managed using the "Jenkins own user database" security realm. The default configuration also includes protections against many common threats.
• In the last paragraph before the screen graphic, change "The Security' section..." to "The Configure Global Security' section..."
• Reorganize the subsequent sections to correspond to the order they appear in the screen graphic. So the sections/subsections should be in the following order:
  • Authentication (rename the "Access Control" section to "Authentication" to match the screen graphic.) This includes the "Security Realm" and "Authorization" subsections.
  • Markup Formatter
  • TCP Port
  • CSRF Protection
  • Agent/Master Access Control

@kmartens27 A couple questions:

• Why are the TCP Port, CSRF Protection, and Agent/Master Access Control sections not showing in the screen graphic? Have they been moved or removed without adjusting the text?
• Shouldn't it be "Agent -> Controller Access Control" as used in Agent->Controller Access Control?

Reference any relevant documentation, other materials or issues/pull requests that can be used for inspiration.

No response

Are you interested in contributing a fix?

No response

[yuvrajsi9gh]

Hi! I’d like to work on this issue as my first contribution.

Before I start:

• Can you confirm the file location for the "Managing Security" page?
• Should I update the screenshot since some sections (TCP Port, CSRF, Agent/Master) aren’t shown??
• Should “Agent/Master Access Control” be updated to “Agent → Controller Access Control” everywhere?

Thanks!

[zbynek]

@yuvrajsi9gh the issue is assigned and there's an open PR for it; #8376, if you want to help and you have experience with configuring Jenkins security, you can review that PR.

[sudhanshu-raj]

Hey, I noticed this issue is still open, and changes have been made in PR #8376 , but it hasn’t been merged yet. @krisstern suggested that these changes might not be necessary. Could we clarify whether these changes are required and if this issue should remain open, or can this be resolved and closed?

[varun-bhardwaj-sde]

@krisstern sir is it okay if i try

[krisstern]

@sudhanshu-raj @varun-bhardwaj-sde please notice this issue has been assigned. Like what Zbynek has said, you may want to find another issue to work on.