ACL is in jenkins-core along with AccessControlled and the other
classes Jesse mentioned.
On Fri, Feb 14, 2020 at 4:59 AM Chris Kilding
wrote:
>
> I meant the permissions thing which is dotted all around the codebase, and
> looks like this:
>
> import hudson.security.ACL;
> import
I meant the permissions thing which is dotted all around the codebase, and
looks like this:
import hudson.security.ACL;
import org.acegisecurity.Authentication;
public void doSomething(Authentication authentication) {
if (ACL.SYSTEM.equals(authentication)) {
// do something
}
}
The
On Wed, Feb 12, 2020 at 6:50 PM Chris Kilding <
chris+jenk...@chriskilding.com> wrote:
> I have encountered the following solutions which seem relevant, but I know
> very little about them:
>
> - Cloudbees RBAC plugin (commercial)
> - Role Strategy Plugin
> - Jenkins permissions system
>
Given
On Wed, Feb 12, 2020 at 12:50 PM Chris Kilding
wrote:
> I have encountered the following solutions which seem relevant, but I know
> very little about them:
>
> - Cloudbees RBAC plugin (commercial)
https://docs.cloudbees.com/docs/admin-resources/latest/plugins/rbac
a.k.a. `nectar-rbac`
> -
Scoping to a job
On Thu, 13 Feb 2020 at 11:23, Chris Kilding
wrote:
> I was unclear on point 2. Is this a way to…
> - scope a credential to an individual job or jobs?
> - scope a credential to an individual build or builds?
> - provide ephemeral credentials that are created at the start of a
I was unclear on point 2. Is this a way to…
- scope a credential to an individual job or jobs?
- scope a credential to an individual build or builds?
- provide ephemeral credentials that are created at the start of a build, exist
during the lifetime of the build, and are scrapped at the end?
Which bit were you unclear about?
Point 1?
Point 1 is a request based authorisation, nothing is allowed to use it by
default, jobs request to use it and then an autrhorised person allows it
On Wed, 12 Feb 2020 at 23:36, Chris Kilding
wrote:
> Point 2 (credentials scoped to a single build)
Point 2 (credentials scoped to a single build) could be relevant - if we’re
adding a credentials concept to a general ACL, a user should be able to apply
any kind of restriction that their ACL permits to the credentials objects. (Not
just folder restrictions.)
I’m a bit unclear about what you
Not directly related, possibly even to this JEP,
But wanted to add a couple of features I’ve seen in other systems,
1. Require authorisation, before allowed to use, I.e build is run and fails
because the credential isn’t authorised for that job but then an
administrator can authorise it and it
The first thing to figure out is what role-based access control solutions are
already out there for Jenkins, so we can then decide how best to fit this
functionality in.
I have encountered the following solutions which seem relevant, but I know very
little about them:
- Cloudbees RBAC plugin
10 matches
Mail list logo