Allowing what users
can do when then login to a Jenkins server is quite important when running jenkins
server in production. Jenkins does provide multiple ways of authorization. When
we go to the "Manage Jenkins" -> Configure Global security, under
the Authorization tab we can see the available authorization strategies as
below,
In this article ,we will see how we
can use the Matrix Bases security and how it can be implemented. A matrix based
security allows users to be configured in such a way that only users will specific permission
can be able to perform certain actions.
1. In the Manage Jenkins ->
"Configure Global Security". Choose the "Matrix-based
security". We will see a matrix with "user/group" details and
there will be a text box below that to add users
2. Now add the admin user first and
give full permissions by selecting all checkbox. This will make sure we will
have one user who have all permissions to modify things in future and also work
as admin users
3. Now to the "Manage Jenkins"-> "Add Users". Create a user "worker" for our session.
3. Now to the "Manage Jenkins"-> "Add Users". Create a user "worker" for our session.
4. Now go back to the "Manage
Jenkins" -> "Configure global security" and in the matrix
based security, add the "worker" user and provide only access that
are necessary. In the above case ,we have provided access to the worker user in
job section as Read. We also need to provide a overall access permissions as
"Read" so that the user can have overall read permissions. Now save
the configuration and logout.
5. Once we login we can only see
certain jobs that the user has read only permissions. we can see some thing
like below,
We can see jobs that are given with a
read permissions. Even though we try to execute the job it wont as we dont have
enough permissions for the user.
This is how the matrix based security
works
No comments :
Post a Comment