All that is easy with the CloudBees RBAC plugin, but given that I wrote it originally I would say that wouldn't I ;-)
On Friday 11 December 2015, Indra Gunawan (ingunawa) <[email protected]> wrote: > You can look up this plugin : > https://wiki.jenkins-ci.org/display/JENKINS/Job+Restrictions+Plugin to > restrict execution on a node/slave. It adds restriction in the node’s > configuration page. > Please let me know because I am interested in it too. > > In my earlier comment, I meant one can use free Cloudbee folder and free > Role Strategy to define who can access what jobs. The Jobs belonging to > team A need to be in a Folder “A”, team B puts their jobs in Folder “B”. > Then, user can define Project Role for folder “A” with regex and assign > only user-ids in Team A this role. > The Anonymous and authenticated role are stripped of any permission to > read any of the job. > > Sadly with Role Strategy assigning role to AD group does not work I > think. So individual user-id in LDAP need to be added the role “A” or role > “B”. > All of these are possible using ClouldBee RBAC plugin. > > Please correct me if I am wrong, Stephen? > > Thanks. > -Indra > > > From: iostrym <[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> > Date: Tuesday, December 1, 2015 at 3:57 AM > To: Jenkins Users <[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> > Cc: ingunawa <[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> > Subject: Re: jenkins advanced user right > > thanks a lot. but it will be difficult for us to buy such a plugin. > > anyone else know if there is a free plug in to lock some slave for some > users or one user ? > > Le mardi 1 décembre 2015 11:06:00 UTC+1, Stephen Connolly a écrit : >> >> On 1 December 2015 at 10:01, iostrym <[email protected]> wrote: >> >>> Thanks. >>> >>> role based plugin don't work without cloudbee folder ? I had a quick >>> look at role based plugin but hte problem is that all existing right for >>> each user (around 30) will be lost with this plugin. It seems that we will >>> have to redo all right for each user. right ? >>> >>> I also discover that at job creation it is possible to "protect" the job >>> and add right for specific user but it is quite fastiduous if there are >>> several user to give access. >>> >>> >> Ahem... >> >> [Puts on CloudBees Employee Hat] >> >> Really sounds like you are looking for some of the enterprise features in >> CloudBees Jenkins Enterprise: >> >> * CloudBees RBAC plugin supports importing your current Matrix or Project >> Matrix security settings so you can migrate to an fully RBAC model piecewise >> * CloudBees RBAC plugin allows for creation of local groups that make >> per-project role assignment easier >> * CloudBees RBAC plugin allows delegation of RBAC management for specific >> items to a subset of users >> * CloudBees Folders plus allows restriction of some slaves to jobs within >> specific folders >> * etc >> >> [Removes CloudBees Employee Hat] >> >> >>> In the same subject, what about "slave protection" ? If I add a slave, >>> is it possible to be sure that a job from another group of user (another >>> project) won't use that slave ? I don't find any slave protection. Even if >>> the slave is not configured to be used "as much as possible", it seems to >>> be still possible for a user to select my slave for his job. (and execute a >>> rm * -rf on my machine...) >>> >>> Best regards, >>> >>> Le mardi 1 décembre 2015 03:57:08 UTC+1, Indra Gunawan (ingunawa) a >>> écrit : >>>> >>>> Use Cloudbee Folder, and Role based Plugin. Define specific role based >>>> on the regex of each of name of folder for projects/jobs. One category of >>>> jobs each in a separate folder. >>>> >>>> >>>> From: <[email protected]> on behalf of iostrym < >>>> [email protected]> >>>> Reply-To: "[email protected]" <[email protected]> >>>> Date: Monday, November 30, 2015 at 1:48 AM >>>> To: "[email protected]" <[email protected]> >>>> Subject: jenkins advanced user right >>>> >>>> Hello, >>>> >>>> Is it possible to give right for some users to create and configure >>>> their job without being able to modify some jobs. >>>> >>>> Typically, have one job area for one project and another job area for >>>> another project. And use from one project that can't modify job for the >>>> other project. >>>> >>>> Is this possible ? >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Jenkins Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/jenkinsci-users/c843b0cd-778b-4960-aafe-1371b7686c62%40googlegroups.com >>>> <https://groups.google.com/d/msgid/jenkinsci-users/c843b0cd-778b-4960-aafe-1371b7686c62%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-users/5eeb1923-d6cc-4a36-b93a-7ff47c119f95%40googlegroups.com >>> <https://groups.google.com/d/msgid/jenkinsci-users/5eeb1923-d6cc-4a36-b93a-7ff47c119f95%40googlegroups.com?utm_medium=email&utm_source=footer>. >>> >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <javascript:_e(%7B%7D,'cvml','jenkinsci-users%[email protected]');> > . > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/D2904B5B.3DC29%25ingunawa%40cisco.com > <https://groups.google.com/d/msgid/jenkinsci-users/D2904B5B.3DC29%25ingunawa%40cisco.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Sent from my phone -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMy5pfoAqp-8P%3DuQFvUyR3pzzOhAckQoZAgASWAgGYSB-A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
