Discussion:
Restrict view of certain jobs under folder.
g***@gmail.com
2018-10-19 17:16:31 UTC
Permalink
Hi,

We have the following requirement. Any recommendations?

We have a Folder 'A' created in Jenkins for an application team 'A'. We
have two subdivision under this application team 'A1 and A2'. There are 4
users, 2 under each subdivision - A1-User1, A1-User2 and A2-User1,
A2-User2. Both these divisions have their jobs running in Folder A. The
requirement is, when users from A1 login, they (strictly) *should not be
able to see* the jobs of A2 and vice versa. What is the best approach?

We are using https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin
this plugin. Unfortunately, as per this plugin we can only restrict users
from other team to modify the jobs. Cannot completely hide the jobs. Any
suggestions?
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/f4b0dde6-ddda-4158-957e-3609b3aafafb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Daniel Beck
2018-10-19 19:33:19 UTC
Permalink
We are using https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin this plugin. Unfortunately, as per this plugin we can only restrict users from other team to modify the jobs. Cannot completely hide the jobs. Any suggestions?
This is possible, you just need two different roles, and regexes that match the folder and A1/A2 specifically without including the other. Then grant Item/Read based on that, and don't make it a global role permission.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8EF4B910-A86F-490E-941E-F46D6C68FDE4%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.
g***@gmail.com
2018-10-19 22:08:04 UTC
Permalink
As per the documentation of that plugin, below, the moment I grant access
to ^foo.* they'll be able to see everything under foo right? In my case,
everything under 'A'. Or, may be am not getting it right. Could you
please help me on how to set it up?

First, assign that user/ group to read/ discover permissions with pattern "
^foo.* "*,* then assign that same user/ group to the more particular
permissions with pattern " ^foo/bar.* "
Post by g***@gmail.com
We are using
https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin this plugin.
Unfortunately, as per this plugin we can only restrict users from other
team to modify the jobs. Cannot completely hide the jobs. Any
suggestions?
This is possible, you just need two different roles, and regexes that
match the folder and A1/A2 specifically without including the other. Then
grant Item/Read based on that, and don't make it a global role permission.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/71ddcda5-ddae-447d-894d-d188f9edadc0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Continue reading on narkive:
Loading...