This article will introduce one of the very practical tools in Jenkins role-based Authorization Strategy, from simple plug-in installation to some practical methods in the plug-in in detail.
Role – based permission assignment
Name: Role-based Authorization Strategy
In Jenkins, the default permission policy is Logged-in user can do anything. However, in a project team, different permissions should be assigned based on the roles of each member. At least, everyone should not have the permission to delete items. So, the plug-in is able to configure permissions by role for us.
After the plug-in is installed, Dashboard -> Manage Jenkins -> Secuirty -> Configure Global Secuirty enter the Global security configuration step by step as shown in the following figure
在Authorization
Selected inRole-Based Strategy
Can be opened. We then re-entered Jenkins using a non-admin account and found an unauthorized screen.
Next we need to configure some roles. There are three types of roles in Jenkins: global roles, project roles, and node roles. Controls the permissions of Dashboard, Item, and Jenkins instances respectively.
We need to configure a global role and a project role to enable non-administrator users
The instance
Let’s implement an example: Create a user and assign it a developer role
- First we create a user
Dashboard -> manage Jenkins -> Secuirty -> Manage Users -> Create User
2. Create a role and enterDashboard -> manage Jenkins -> Secuirty -> Manage and Assign Roles -> manage Roles
Create a development role as shown in the figure below. Check the parameters in Job to enable it to configure each Item.
3. Assign a role to the userDashboard -> manage Jenkins -> Secuirty -> Manage and Assign Roles -> Assign Roles
Enter the user name in the input box below Golal Rolse and click Add to select the Dev role as shown
Then we use the newly created account to enter Jenkins
Role-based Authorization Strategy
A few problems with plug-ins
- What is the difference between Global roles, Item Roles, and Node roles?
Global roles is a basic Global role. You need only one Global roles to assign permissions to Overall, Credentials, Agents, and Jobs.
Item Roles is an item-based refinement role that can use the re to match the name of the project when we want to assign different project viewing permissions to different developments
Note the following two points when using Item Rolse:
A. To use the Item roles role, create a basic global role with overall-read permission and assign that role to the user.
If job-read is specified for a Global role, the role has read permissions for all jobs, regardless of what roles are specified for Item roles
Node roles is used in a Jenkins cluster environment to assign Jenkins permissions to different nodes.
- What is the difference between Overall and Read in the Global Roles permission table?
It’s much clearer to look at it directly from the picture
As shown in the figure, the left side is the role menu with only Read permissions, with only some basic Dashboard menus, while the right side is the menu with all admin permissions.