Step 1: Install the Authorize Project plugin Step 2: configure the jobs to run as the user Step 3: have the user put their credentials in their per-user credentials store Step 4: don't put credentials in the Jenkins System credentials store Step 5: Sit back, light your pipe and enjoy the satisfaction of a job well done
On 11 April 2016 at 08:32, ayesha s <[email protected]> wrote: > Hi all, > > Currently I have a global credential created(ssh keys) to build a project > in GitLab.And any other(authenticated) user that logs into this Jenkins > instance on windows server are able to use the same credential to build > their projects in GitLab Repository.A Non-Admin user can see another user`s > user Jenkins credentials' contents (private keys, etc!) > But for security reasons this should not happen.Each user should only be > able to build his/her GitLab repo using his/her credential(ssh keys).So he > should also not be able to view any other credentials apart from the one > created by/for him. > I am using Roles Based Authorization plugin to give different users > different roles for different projects.If I want to create a project based > credential at the user level(and not global credential) then that > credential does not appear in the drop down under Project > configuration(Refer to 5.jpeg).And I believe that if we could see the > credential here in drop down then it would have solved my purpose.Or is > there any other way so that every user can only view/use his/her own > credentials and not any other user credentials? > > I have attached screen shots for better understanding of my current > problem and the solution I am looking for. > 1.jpeg-> Global credentials view from admin login (all users that log in > are able see and use this) > 2.jpeg->Global credentials view from normal user login > 3.jpeg->Credential created under the current user(but its not visible in > the 5.jpeg drop down for it to be used to build GitLab Repo) > 4.jpeg->Global credential being used to build GitLab project(Every user > using [email protected] credentials- which is not correct) > 5.jpeg->Drop down only shows Global credentials and not credentials > created under a user Credentials([email protected] as created in 3.jpeg > not visible here) > Roles & Permissions.jpeg ->Credentials permission given thru Role Based > Authorization Plugin > > > Till now I have tried creating 'domains' and created credentials for that > domain but that does not solve the purpose.I have also referred to > following discussions: > > https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!searchin/jenkinsci-users/user$20credentials|sort:relevance/jenkinsci-users/MMvgsv8J3hE/Q4MpfhXjBAAJ > > > The following discussion is similar to the requirement I am looking > for.But even after installing 'Authorization Plugin' its still not clear > what other settings needs to be done.As this still is not letting one see > per-user credentials in the drop down to select in project configuration. > > > https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!searchin/jenkinsci-users/user$20credentials|sort:relevance/jenkinsci-users/t9z2uLuvf74/ZLJwxEHrCgAJ > > > Kindly let me know once I have installed Authorization plugin what next > needs to be done to solve the problem I am facing?Or if there is other > method to achieve my purpose? > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/aa5ca215-753f-4c92-abc9-b26392f0ac5d%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/aa5ca215-753f-4c92-abc9-b26392f0ac5d%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMwZMp5kSErVGzfEWu2WBiUp6x9QS%3DmF8ph7hVFOnSJQHg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
