Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Jenkins - How to set authorization on project basis

In Jenkins I have two different projects and two users I want to authorize:

User1 can only view, build, deploy Project1.

User2 can only view, build, deploy Project2.

I have installed role based plugin, but am unable to get it working. Please help.

like image 316
Ranjit choudhary Avatar asked Aug 20 '15 07:08

Ranjit choudhary


People also ask

What is project-based matrix authorization in Jenkins?

Project-based matrix authorization allows configuring permissions for each item or agent independently. Permission applying to such items or agents that are granted in the global configuration apply to all of them, unless they don't inherit global permissions (see below).

How do I change the authorization method in Jenkins?

Change Jenkins Authorization Method For this, go to “Manage Jenkins”, click on “Configure Global Security”, under the “Access Control” section, for the “Authorization”, click on “Role-Based Strategy” as shown below.


2 Answers

I agree Project Based could solve your problem but it would create headache on administrator if going forward you have 100 users. Then For each user you have to give permissions,which will be a lot of effort and for those who are facing issues with Role based plugin. Here is the solution:-

Step 1:- click on Global configuration under Manage Jenkins.

Step 2:- click on radio button "Role-Based Strategy" and save.

Step 3:- Go to Manage and Assign Roles under Manage Jenkins.

Step 4:- select Manage Roles.

Step 5:- You will see somewhat similar image as

manage role

Step 6:- Now add a global role part from admin under "role to add" option and grant Read Permission only.Shown in Blue color

For eg:- Employee in this case

Step 7:- For the above question and below example some assumptions

Test = Project1
check = Project2

Under Project roles:-

 Role to add:-developer

 Pattern:-Test

This means developer will be able to view only Project "Test".

Pattern is basically your project name.You can use regular expressions also here. For eg:- Pattern:- Tes* then all projects beginning with Tes will have role as developer.

Similarly Add role as tester and Pattern as check,shown under black box,Tester will be able to view only Project "check"

Step 8:- Give the respective permissions view,build etc by check boxes and click on save.

Step 9:- Now go back to Manage Roles and select assign role and you will find something similar to this.

assign role

Step 10:- Under Global role add user1 and user2 and check box on to Employee as their role as shown in in the image above in black box.

[NOTE]Every New User/Group has to be added here and given the role of employee or admin.

Step 11:- Under Project Role,

Add user1 and user2 and assign them tester and developer role. As shown in green color.

Click on save.

[NOTE]

Developer will be able to view only Project "Test"
tester will be able to view only  Project "check"
like image 119
Triangle Avatar answered Sep 21 '22 11:09

Triangle


Matrix Authorization Strategy Plugin is the best option for your case. Very flexible configuration - both global and per project. You'll want to check in the 'Enable project-based security' option in project configuration ( the check box is close to the top of the job's config page ) and then add users/groups for which you want to configure the access permissions. After that use check boxes to set/remove permissions.

like image 37
Zloj Avatar answered Sep 18 '22 11:09

Zloj