Reputation: 1023
Restricting visibility of Jenkins jobs to specific users
In Jenkins, is there a way to restrict certain jobs so that only specific users can view them?
Jenkins allows the restriction of user-abilities-per-project via the "Project-based Matrix Authorization Strategy". The problem is that a user can not access anything without the 'Overall' 'Read' setting. This seems to allow them to view all jobs.
Is there another plugin that would allow job visibility restrictions?
Upvotes: 75
Views: 150231
Answers (8)
Reputation: 1
Role Based Strategy plugin will help you.
- Install Role Based Strategy plugin if it is not installed already.
- In Manage Jenkins Security --> Authorization set to Role Based Strategy.
- In Manage Jenkins Go t0 Manage and Assign Roles i) Set Global Role for example your project is ABC Add Role ABC and set overall read access ii) Item Role --> Add pattern for example ABC_.* so it will restrict to view only the particular pattern related jobs to be viewed.
- Assign Role --> Global Role --> Add User and Set the Role ABC
- Assign Role --> Item Role --> Add User and Set the Role ABC
Upvotes: 0
Reputation: 16584
Only one plugin help me: Role-Based Strategy :
wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin
But official documentation (wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin) is deficient.
The following configurations worked for me:
configure-role-strategy-plugin-in-jenkins
Basically you just need to create roles and match them with job names using regex.
Upvotes: 17
Reputation: 1697
Think this is, what you are searching for: Allow access to specific projects for Users
Short description without screenshots:
Use Jenkins "Project-based Matrix Authorization Strategy" under "Manage Jenkins" => "Configure System". On the configuration page of each project, you now have "Enable project-based security". Now add each user you want to authorize.
Upvotes: 73
Reputation: 21
As mentioned above by Vadim Use Jenkins "Project-based Matrix Authorization Strategy" under "Manage Jenkins" => "Configure System". Don't forget to add your admin user there and give all permissions. Now add the restricted user there and give overall read access. Then go to the configuration page of each project, you now have "Enable project-based security" option. Now add each user you want to authorize.
Upvotes: 2
Reputation: 4553
I use combination of several plugins - for the basic assignment of roles and permission I use Role Strategy Plugin.
When I need to split some role depending on parameters (e.g. everybody with job-runner is able to run jobs, but user only user UUU is allowed to run the deployment job to deploy on machine MMM), I use Python Plugin and define a python script as first build step and end with sys.exit(-1) when the job is forbidden to be run with the given combination of parameters.
Build User Vars Plugin provides me the information about the user executing the job as environment variables.
E.g:
import os
import sys
print os.environ["BUILD_USER"], "deploying to", os.environ["target_host"]
# only some users are allowed to deploy to servers "MMM"
mmm_users = ["UUU"]
if os.environ["target_host"] != "MMM" or os.environ["BUILD_USER"] in mmm_users:
print "access granted"
else:
print "access denied"
sys.exit(-1)
Upvotes: 2
Reputation: 1339
You can install "Extended Read Permission" plug-in. Then in either "Global Settings" or in individual job configuration, you can give the user "Extended Read" permission.
Upvotes: 0
Reputation: 8284
You could use Project-based Matrix Auth Strategy and enable Read Overall permission, but disable Read Job on the system level. After that you should enable Read Job for each specific project you've wanted to make visible for the current user. Please refer to this resolved issue for more info. Some info from there:
I am implementing READ permission at the job level. When this is done, a user that lacks the READ permission for a particular job will not: see that job in any view, be able to access the job page directly, see any reference to the job (for instance in upstream or downstream dependencies)
Also, I recommend you to go further and check out Role Strategy Plugin. It can simplify user/role management, you can use the described above to give access to the certain jobs.
Upvotes: 8
Reputation: 25
Try going to "Manage Jenkins"->"Manage Users" go to the specific user, edit his/her configuration "My Views section" default view.
Upvotes: 0
Related Questions
- User access in Jenkins, How can I give someone access to only see jobs
- How to restrict credentials in Jenkins?
- How do I jenkins permission on a per job basis?
- Jenkins: Hide job from anonymous users
- How to block some Jobs for some user level in Jenkins?
- Jenkins project-based security block all user
- Jenkins - Restrict Job execution based on user/roles
- Restricting others to build the particular job in JENKINS
- Jenkins user-based job security
- Jenkins Permission's to user according to jobs