Your browser was unable to load all of the resources. They may have been blocked by your firewall, proxy or browser configuration.
Press Ctrl+F5 or Ctrl+Shift+R to have your browser try again.

Default enable "Hide inherited" option on variables page. #4348

thang.dv2 ·

Dear all,

On Variables page, Hide inherited option exist.
To protect exposing our scripts and important variable and values from their parents, reversing the default setting of Hide inherited option from Disable to Enable and give change permission only to Admin or some operators only who have default disable "Hide inherited" option, would be better. EDIT_VARIABLES is an option I think so.

Please consider about this improvement.

Thank you so much!

  • replies 6
  • views 1498
  • stars 0
robinshen ADMIN ·

So you want child configuration settings to be accessed and edited by some person, but do not want them to see and use variables in parent configurations? If so, this is problematic, as they can simply use a variable name possibly defined in parent configuration and print the value in build output.

thang.dv2 ·

Yes, you are right, but our users are hardly QuickBuild developers. Their main purpose is to use as CI system. User can configure some special child variables.
We should protect the disclosure of scripts as well as important variables and values from their parents as many possible as.

robinshen ADMIN ·

The problem is: as long as they can edit variables, they can print inherited variable in build log. For instance, they can define a variable say "myvar" with value "${vars.getValue("parentVar")}". We can not prevent using inherited variables in other variables as this is heart of QB and many assumptions are built upon this.

absalom1 ·

Looks like there is some miscommunication.

this is heart of QB and many assumptions are built upon this.

We definitely agree with the sentence and love it.

We are asking to change the default setting of "Hide inherited" option to **enabled **it not to expose variables.
However, users having access permission to child configuration are able to see variables defined at parent configurations by disabling the "Hide inherited" option.
Also, using them from child configuration would not be blocked.

By changing the default setting of "Hide inherited" option, we just want to reduce the exposure of variables a little bit more.

robinshen ADMIN ·

So you want option "hide inherited variables" to be enabled always, and unauthorized users can not even enable it from GUI? But still they can edit child configurations to use inherited variables? Is this true, this seems very inconsistent and will cause confusions. And unauthorized users can still access value of inherited variables as they want.

robinshen ADMIN ·

Also "reduce exposure" seems dangerous to me if it can not completely "avoid exposure" and administrator may rely on this feature to put very sensitive information in parent variables, and he/she may not realize that this is not really safe.