Tuesday, April 9, 2019

Jenkins authorization using "Role-Based Strategy"



Jenkins is an open source automation server written in Java.
Jenkins helps to automate the non-human part of the software
development process, with continuous integration and facilitating
technical aspects of continuous delivery. It is a server-based system
that runs in servlet containers such as Apache Tomcat.

The Security Realm, or authentication, indicates who can access the
Jenkins environment. The other piece of the puzzle is Authorization,
which indicates what they can access in the Jenkins environment. 

By default Jenkins supports a few different Authorization options: 

Anyone can do anything 

Everyone gets full control of Jenkins, including anonymous users who
haven’t logged in.

 Do not use this setting for anything other than local test Jenkins masters.

Legacy mode 

Behaves exactly the same as Jenkins <1.164. Namely, if a user has the
"admin" role, they will be granted full control over the system; all other
users (including anonymous users) will only have read access.
Do not use this setting for anything other than local test Jenkins masters.
  
Logged-in users can do anything  

In this mode, every logged-in user gets full control of Jenkins. Depending
on an advanced option, anonymous users get read access to Jenkins, or
no access at all. This mode is useful to force users to log in before taking
actions, so that there is an audit trail of users' actions.

Matrix-based security  

This authorization scheme allows for granular control over which users
and groups are able to perform which actions in the Jenkins environment.

Project-based Matrix Authorization Strategy  

This authorization scheme is an extension to Matrix-based security which
allows additional access control lists (ACLs) to be defined for each project
separately in the Project configuration screen. This allows granting specific
users or groups access only to specified projects, instead of all projects in
the Jenkins environment.

Role-Based Strategy

The Role Strategy plugin adds a role-based mechanism to Jenkins for
managing users' permissions. It uses regular expressions to match
project names, which is why it is used when there are a large number
of projects.
In this blog I am going to walk you through the steps to enable
“Role-Based Strategy”, so that you can use it to give different users
permission on different jobs.

Install Role-based Authorization Plugin


To use “Role-Based Strategy”, first you need to install the plugin. You have
to perform the following steps in order to install the plugin.
  • Log in to Jenkins with your admin account. 
  • Select “Manage Jenkins”. 
  • Select “Manage Plugins”. 
  • Select “Available” tab. 
  • Search for “role” in the Filter text box.



Enable Role-based Authorization

To enable this authorization method you need to follow these steps -
  • Click on “Manage Jenkins”. 
  • Choose “Configure Global Security”. 
  • Select “Role-Based Strategy” present under “Access Control” section.


Manage and Assign Roles

To manage Jenkins roles you have to follow these steps -
  • Click on “Manage Jenkins”.
  • And then select “Manage and Assign Roles”.



After selecting “Manage and Assign Roles”, you will have the following
choices.



Create a New Global Role

Select “Manage Roles”. Here you can create global roles, which apply to
all objects in Jenkins.
After creating the global role you have to create project roles as shown
below. Don’t forget to click on “Save”.


In this case the user will be able to see the jobs whose names end with the
words given above (e.g. Dev, QA).

Assign Users to the Groups


After creating the roles with required permissions, you need to assign users
to this role.
Now, go back to the previous page and click on “Assign Roles”.
First you have to assign one global role to all the users and then you can
assign project roles to users as per the requirement.



After this click on “Save” and now the users will be able to see those projects
for which they have permission.
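
The following sketch is an added example, not part of the original post or the plugin's own code: it models in Python how project-role patterns like the Dev and QA roles above select jobs, and lists patterns that are too broad and jobs that no role covers. The role names, users and job names are constructed, and it assumes that the plugin matches a pattern against the whole job name and that the global role is what lets a user see anything at all.

```python
import re

# Constructed sample data (not from the original post): project roles map a
# role name to a job-name pattern, in the style of the Dev/QA roles above.
PROJECT_ROLES = {"developer": r".*Dev", "tester": r".*QA"}
GLOBAL_ROLE_MEMBERS = {"alice", "bob"}  # users holding the base global role
PROJECT_ASSIGNMENTS = {"alice": ["developer"], "bob": ["tester"],
                       "carol": ["developer"]}
JOBS = ["payments-Dev", "payments-QA", "billing-Dev", "billing-Prod", "Dev-tools"]


def jobs_for_role(pattern, jobs):
    """Jobs a project role covers. Assumption: the pattern must match the
    whole job name (Java Matcher.matches() semantics), hence fullmatch."""
    rx = re.compile(pattern)
    return [j for j in jobs if rx.fullmatch(j)]


def visible_jobs(user):
    """Jobs a user can see: none without the global role (assumed to carry
    Overall/Read), otherwise the union over the assigned project roles."""
    if user not in GLOBAL_ROLE_MEMBERS:
        return []
    seen = set()
    for role in PROJECT_ASSIGNMENTS.get(user, []):
        seen.update(jobs_for_role(PROJECT_ROLES[role], JOBS))
    return sorted(seen)


def audit(roles, jobs):
    """Review aid: roles whose pattern matches every job (over-broad) and
    jobs that no project role matches."""
    too_broad = [r for r, p in roles.items()
                 if len(jobs_for_role(p, jobs)) == len(jobs)]
    covered = {j for p in roles.values() for j in jobs_for_role(p, jobs)}
    return too_broad, sorted(set(jobs) - covered)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, visible_jobs(user))
    print(audit(PROJECT_ROLES, JOBS))
    print(audit({**PROJECT_ROLES, "everyone": r".*"}, JOBS))
```

Running the audit against the real job list before saving a new project role shows exactly which jobs the pattern will expose.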




1 comment:

  1. Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging.
    DevOps Training in Electronic City
