8

I'm trying to use role based security plugin in Jenkins, but i'm not sue i am using it right.

I've decided to go with jenkin's own user database as a security realm instead of LDAP. i'm adding the users one by one.

Now in the Assign Roles screen, i have global roles like administrator, read only etc... and i have project specific roles like prod_a_developer, prod_b_developer...

For each user, do i have to both assign one of the global roles for him and also assign a specific project role ?

Also, how do i assign a user to a group ? instead of assigning each user a global role i want to assign a group a global role.

not so trivial,

Can someone please help me ?

Thanks.

Michael
  • 263
  • 2
  • 4
  • 9

1 Answers1

1

I've recently upgraded the WIKI description:

Global Roles override anything you specify in the Project Roles. That is, when you give a role the right to Job-Read in the Global Roles, then this role is allowed to read all Jobs, no matter what you specify in the Project Roles.

It may therefore be advisable to leave most (all) options unchecked in Job, Run and SCM in the Global Roles section for normal users.

In a recent message on the jenkins-users list, user Romain writes:

We do the following:

  • 3 main global roles, admin, job-creator, and anonymous.
  • 1 project role per set of jobs to "segregate" from others.
  • Users with job-creator role know the pattern of the name of the jobs they can create and are aware that, if they don't comply with it, they will need to ask the admin to rename the job or grant them new rights.
Martin
  • 563
  • 4
  • 10
  • 25