Managing Users & Roles

Default Logic

• Before Roles are Created, ALL users are admin
• Need Role Strategy Plugin to create/manage 'Roles'
  •  
• Create Roles, then assign users to lock system down
• Manage Jenkins > Manage Users > Create User
• API Token
• User must login to view the API Token ( for REST calls to Jenkins )

---

Role Strategy Plugin

Manual Installation

Download Manually

• https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin
• https://github.com/jenkinsci/role-strategy-plugin
• *.hpi file

cd /var/lib/jenkins/plugins
wget --no-cookies "https://updates.jenkins.io/download/plugins/role-strategy/2.8.1/role-strategy.hpi"
systemctl restart jenkins

 

Plugin Manager: Advanced

• http://192.168.0.103:8080/pluginManager/advanced
• Provide URL & credentials to pull from remote repo OR
• Upload the file manually

 

Plugin Manager: Plugin Picker

• http://192.168.0.103:8080/pluginManager/available
• Filter for : Role-based Authorization Strategy
• Install with or without Restart

 

Configuring Plugin

• Configure Jenkins > Configure Global Security > Authorization > Role-Based Strategy
• Click Apply
• Users won't be able to login until assigned via teh RBS plugin
• ONLY ORIGINAL JENKINS ADMIN CAN LOGIN AT THIS POINT!!!
• Go ahead and remove ALL users besides the original (1st) Jenkins Admin user
  • seems the plugin doesn't cleanly pickup OverallView access for existing users

---

 

 

Global Roles

Global roles

Role Overall Credentials Agent Job Run View SCM   Administer Read Create Delete ManageDomains Update View Build Configure Connect Create Delete Disconnect Provision Build Cancel Configure Create Delete Discover Move Read Workspace Delete Replay Update Configure Create Delete Read Tag admin build guest pm

• admin
  • omnipotent access
• build
  • build engineer who manages jenkins
• guest
  • Read only access
• pm
  • Read only access
  • perhaps more rights

 

Project Roles

Project roles

Role Pattern Credentials Job Run SCM   Create Delete ManageDomains Update View Build Cancel Configure Create Delete Discover Move Read Workspace Delete Replay Update Tag developer Dev.* tester Test.*

• Role: developer
  • ONLY for projects starting with Dev.*
• Role: tester
  • ONLY for projects starting with Test.*

 

Slave Roles

Slave roles

Role Pattern Credentials Agent   Create Delete ManageDomains Update View Build Configure Connect Delete Disconnect Provision

---

Assign Roles

Global Roles

Global roles

User/group Developer Tester admin build guest pm   Developer Tester user1 User2 Build JenkinsAdmin Anonymous

Project Roles

Item roles

User/group developer tester   Developer Tester Anonymous

---

Testing User Logins

Admin can see all projects

S	W	Name  ↓	Last Success	Last Failure	Last Duration
		DevProject1	N/A	N/A	N/A
		NodeJSProject1	N/A	N/A	N/A
		TestProject1	N/A	N/A	N/A

 

tester assigned to the tester Project Role can only view Test* projects

S	W	Name  ↓	Last Success	Last Failure	Last Duration
		TestProject1	N/A	N/A	N/A

 

developer assigned to the developer Project Role can only view Dev* projects

S	W	Name  ↓	Last Success	Last Failure	Last Duration
		DevProject1	N/A	N/A	N/A

 

---

 

 

---