I am trying to make our Jenkins setup more secure, but I am unable to protect artifacts with the Permission to Copy Artifact option.
I have two jobs, where the downstream job copies artifacts from the upstream job by using the Copy Artifact Plugin. This works as expected. Now I want to ensure that only this specific downstream job can copy the artifacts of the upstream job, but that doesn't seem to work.
As far as I understand, you should specify the name of the downstream job in the Permission to Copy Artifact option of the upstream job. I tried this, but no matter what I configure in the Permission to Copy Artifact option of the upstream job, the downstream job is always allowed to copy the artifacts.
So I would like to know: are there any global options that must be enabled or disabled for this to work? Is there something else that I must configure before the permission to Copy Artifact option actually limits permissions?
Edit: I'm using version Copy Artifact Plugin 1.38.1.
