how can be set the business admin of a task?
If I remember correctly it is set by a Task variable, what is the variable name?
There is a default profile configured as 'business admin'?
Related
I have 4 sessions namely Default, Extended, Programming and Supplier session.
The jump to supplier session will happen via extended session. Default -> Extended -> Supplier
But before jumping to Supplier session I need to provide security access.
Once the security access is provided then only the jump should happen to Supplier session.
As per the ISO 14229 - 1 document the security access service is NOT applicable in default session but it is APPLICABLE in Non-Default session. So does it mean security access can be applied between 2 non-default session?
You can configure security level basically for every diagnostic service, even subservice (like for specific DIDs). What I understand you want to do is to require security level for changing into Supplier session, which is definitely possible to configure.
In my opinion, There is no security level required to enter any session.
To perform any action in any session other than default, we need security level.
Example :
1. To execute any service
2. To Read/write a DID
I have some 10 projects in my Jenkins , each for 10 different clients . So i need to create credentials for all my projects , so that each client can access only their project .
Is there any plugin to achieve my requirement .??
Please Help !!!
Select "Project-based Matrix Authorization Strategy" under Global Security
Define general users, without access to projects at this level.
Then on per-project select "Enable project-based security", and here you can give individual users addition permissions, such as ability to view and execute the job
Edit:
In Configure Global Security, under Project-based Matrix Authorization:
Make sure Anonymous and Authenticated don't have any other permissions.
Give Anonymous:
Job Discover (this will redirect non-logged in users to login page).
Give Authenticated:
Overall Read (without this permission, nothing else will work).
View Read, optional (without this, they won't see custom views, just the 'all view').
Save configuration
In Job Configuration, under Enable project-based security:
Give client1:
Job Read (this will allow to view this particular job, and nothing else).
Give additional permissions as required (build, workspace, promote, etc).
Save configuration
I am not sure if this was already asked/ discussed before.
In my Jenkins, I have setup LDAP authentication and that password is required in one of my jobs to remotely login to a different server using that password and execute some tasks there
Assume the remote task is executed via sshexec in ant task which requires username password. I dont want the user to enter the password again in the form of a build paramater, is there a way to get the password used for Jenkins authentication inside the build job ???
[I]s there a way to get the password used for Jenkins authentication inside the build job?
Not as such. Jenkins does not retain the password after you log in, it simply passes it to the LDAP server long enough to verify that you should be authenticated.
So what you need is to define Credentials persisted in Jenkins that can be used during a build. You can use the Credentials Binding plugin to set up a fixed username/password which the job will have access to.
If your requirement is for the credentials to not be available for any build of the job, but instead that a user manually initiating the build should have to supply them (meaning that scheduled or otherwise triggered builds are impossible), I think this is also supported as of version 1.1. Define a parameter of credentials type for the job, to be used via variable expansion in the binding. Then have the user define these credentials in their user configuration page (/me/configure). Then when selecting Build with Parameters they should see their own personal credentials and be able to select them. The user needs the Credentials/UseOwn permission on the job.
Another option for the future would be a subtype of username/password credentials which does not store the password at all (maybe just a “salted” hash, using jBCrypt), and somehow prompts for you to enter the password before the credentials are considered valid, probably expiring after a few minutes. This mode has not been implemented but would be useful for sites with stricter security requirements.
(Regular credentials are stored encrypted, but the default secure storage mechanism keeps the master encryption key in $JENKINS_HOME—so secure so long as you do not allow shell access to your server to anyone who is not already a Jenkins administrator, and of course so long as you configure the master computer to have zero executors so people cannot run builds on it, only on slaves. Another RFE would be an alternate storage mechanism that allows the master key to be injected by some other means.)
The best possible way to do is to allow permission to jenkins user in the remote server.
Is there any interface or class provided by the JSR286 specification to store configuration parameters for a portlet?
The PortletPreferences interface allows me to store preferences but these are user-specific as far as I know. I also read you could store things in a PortletSession, but the scope of it is also user-specific (and I don't think it's persistent).
Another thing I read is the PortletContext which is available in an application wide scope. I read there is a property called setAttribute, but I don't know if these attributes are persistent or not. If I restart the portal server, I have no clue if these settings are still there. Also, if I have multiple instances of the portlet, I would like to make these settings differently for each instance.
So my question is; Is there any interface/class in the portlet 2.0 API (JSR286) to store data at portlet instance scope persistently?
I just found the solutions to my own problem. It seems IBM doesn't completely follow the JSR286 specification (in my advantage) and determines the scope of the PortletPreferences based upon the portlet mode the user is in.
If the user is in the VIEW, EDIT or HELP mode (defaults in JSR286 specification), then the preferences are stored like defined in the JSR286 specification. They are user- and portlet instance dependant, useful for personalisation.
If the user is in the EDIT_DEFAULTS mode (custom mode), then the preferences are stored globally for ONE portlet instance. This means that if the portlet is used on multiple pages, then the configuration only applies to one of these instances.
Lastly, if the user is in the CONFIG mode (custom mode), then the preferences are stored globally for a portlet. This means that all users of all portlet instances will use the same configuration.
I am using Postgresql as my database and rails 3 as my middleware for a multi-tenant application.
I would like to set an environment variable containing currently logged in client id for every connection that gets created via establish_connection method.
Is there anyway I can intercept initialization process through any callbacks of establish_connection to set this environment variable?
I would lean towards separating data at the app level by something like an authority_level field. You could then have a "verify_permission(current_user)" method run as a before_filter.
We typically do this and have a "kick_user_out" method that automatically forces a logout and emailed admin alert with non-sensitive params for the purpose of alerting admins when a privilege escalation occurs. You get enough of those and the account gets locked as well.