We will learn here to use a Role-based Authorization Strategy to assign a role and provide limited permissions to a user. You should have the plugin installed in your Jenkins or you can see here, how to install it.
There is going to be a Jenkins user named “tester” for a tester and we will have to assign some permissions as follows:
✔ He/She should have Build, Configure, Cancel and View type of permissions on Jenkins jobs which start from “tester-” name.
✔ And for the rest of the other Jobs, there should be only Read only permission. (He/She should not be able to build, cancel or configure the job).
Step 1. Create some demo Jenkins Job.
To test the Role-based plugin we will create two demo projects named tester-demo1 and tester-demo2
Step 2. Now create a user tester.
✔ Go to Manage Jenkins > Manage Users.
✔ Click on Create User at the left side of the Manage Users screen.
✔ Fill in all the necessary details and click on Create User button.
✔ Your new user has been created. (In this case, the user is a tester).
Step 3. Creating roles for the new user
✔ Go to Manage Jenkins > Manage and Assign Roles.
✔ Click on Manage Roles.
1. Global Role: to set the permission of all the Jenkins Jobs
✔ Create Global roles and name them as “tester”.
✔ Next, give the permissions (Read-Only) for all the project by checking the following options:
- Overall – Read
- Job – Read
2. Item Role: To set permission for a specific Jenkins job.
✔ Below Global Role, create an Item Role
✔ add “tester-jobs” in Role to add blank and
✔ tester.* in Pattern black to select the specific Jenkins Jobs which starts with tester word.
✔ Now, give the required permission to meet the scenario objective mentioned above.
✔ Permission is as follows:
- Job – Build, Cancel, Configure and Read
✔ Save the configurations.
Step 4. Assigning Roles to the new user
✔ Click on the Assign Roles.
✔ Under Global roles, add a user (name of the user created in Step 2.) named tester.
✔ Check the tester role (Global Role created in Step 3.) for the tester users.
✔ Next, add a user, named tester (name of the user created in Step 2.) under Item Role.
✔ Now, check the tester-job role (Item Role created in Step 3) for the tester user.
✔ Save the configurations.
Step 5. Check the permission of the new user.
✔ Logout from the admin user.
✔ Login with tester user.
✔ All the jobs/projects are visible on the dashboard.
✔ Next, open any job starting with the tester word.
✔ The project has the permissions to Read, Build, Configure and cancel.
✔ Now, open a job different job that doesn’t start with a word tester.
✔ There is no permission other than Read-only.
This concludes that we have successfully provided the specific sets of permissions to a new user.
Create a user for a tester with the following permissions:
✔ He/She should have Build, Cancel, and View type of permissions on Jenkins jobs which start from the “tester” name.
✔ He/She cannot see other projects in its dashboard.