Sunday, September 3, 2017

Jenkins authorization - Matrix based Strategy

Allowing what users can do when then login to a Jenkins server is quite important when running jenkins server in production. Jenkins does provide multiple ways of authorization. When we go to the "Manage Jenkins" -> Configure Global security, under the Authorization tab we can see the available authorization strategies as below, 
In this article ,we will see how we can use the Matrix Bases security and how it can be implemented. A matrix based security allows users to be configured in such a  way that only users will specific permission can be able to perform certain actions.
1. In the Manage Jenkins -> "Configure Global Security". Choose the "Matrix-based security". We will see a matrix with "user/group" details and there will be a text box below that to add users
2. Now add the admin user first and give full permissions by selecting all checkbox. This will make sure we will have one user who have all permissions to modify things in future and also work as admin users

3. Now to the "Manage Jenkins"-> "Add Users". Create a user "worker" for our session.
4. Now go back to the "Manage Jenkins" -> "Configure global security" and in the matrix based security, add the "worker" user and provide only access that are necessary. In the above case ,we have provided access to the worker user in job section as Read. We also need to provide a overall access permissions as "Read" so that the user can have overall read permissions. Now save the configuration and logout.
5. Once we login we can only see certain jobs that the user has read only permissions. we can see some thing like below,
We can see jobs that are given with a read permissions. Even though we try to execute the job it wont as we dont have enough permissions for the user.

This is how the matrix based security works

No comments :

Post a Comment