The first thing to figure out is what role-based access control solutions are already out there for Jenkins, so we can then decide how best to fit this functionality in.
I have encountered the following solutions which seem relevant, but I know very little about them: - Cloudbees RBAC plugin (commercial) - Role Strategy Plugin - Jenkins permissions system Would someone who knows these components well be able to provide more details, and thoughts on how we might add concepts of folders and credentials to them, so that credential access constraints could be formulated as standard rules? Chris > On 12 Feb 2020, at 16:29, Chris Kilding <[email protected]> > wrote: > > Hello, > > This is the discussion thread for JEP-225: Folder-based access control for > any credentials provider. > > A brief summary... > > The Cloudbees Folders Plugin has the ability to restrict access to > credentials on a per-folder basis. Unfortunately this feature is only > available for credentials stored in the Folders plugin's internal provider. > This JEP will extend that concept, and allow users to specify folder-based > access restrictions for any credential, from any provider. (For example, the > AWS Secrets Manager and Kubernetes providers.) > > This JEP is relevant in 2 notable cases: > > - Dev / Production environment isolation. (Ensure that only jobs in the > production environment can access production credentials, and vice versa.) > - Per-team isolation on a multi-tenant Jenkins. (Ensure that only a given > team or teams can access their credentials.) > > You can follow the pull request at https://github.com/jenkinsci/jep/pull/266. > > Chris > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/9567dfcf-b057-4616-8682-2eccf7b127b0%40www.fastmail.com. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/21F4C984-6263-4B61-811F-DF5FFBB65014%40chriskilding.com.
