Jenkins job level permission - devops

How can I enable job level permission on Jenkins? Means I have 10 Jenkins job in my Jenkins installation. I may need to enable user1 only access three jobs our of this 10 and user 2 will access only 5 jobs from this 10 etc?

Go to Manage Jenkins - Config global security - find a section "authorization" and choose "Project-based Matrix Authorization Strategy". Then add users and mark "OVerrall - Read" permission.
Then go to specific jobs and select "Use project-based security"

Related

Can I stop Jenkins jobs per the user who triggered it?

I have Jenkins CI/CD dry run job that each developer can trigger. The question is, can each developer have permissions to stop/abort only his flows which he triggered or Jenkins doesn't support it?
The lowest level of authorization is project-based security via the Matrix Authorization Strategy plugin with Job: Build/Cancel and Run: Delete/Replay/Update.
You could use the build user vars plugin together with the Build Name and Description Setter plugin to add the ${BUILD_USER} to the build's name and/or description (with ☑️ Set build name before build starts) so that each dev knows which build to abort in case.
See also How to get the BUILD_USER in Jenkins when job triggered by timer?.
To restrict the build history to the currently logged on user set the build name to #$BUILD_NUMBER - Started by $BUILD_USER and see my user script Jenkins - Restrict build history to current user:

jenkins slave runs as user

I have a jenkins setup with multiple users which are logging in with Active Directory plugin. This is useful so that each user can access his own tasks.
However each user also has different permissions on the local network, such as access to different folders etc. I have noticed that the permissions given to each task is not linked to the user but to the account under which the slave is running as service. Is there a way to change that so that the task is executed on the slave under the credential (and hence permissions) of the user?
Thank you
The problem is: there is only one slave process running the different job assigned to that server by the Jenkins master.
So the slave itself runs as one user (generally, a dedicated account or a system account).
Since you can get the user id as environment variable (with a plugin like JENKINS Build User Vars Plugin), you might consider configuring the job in order for it build step to "run as" the user who triggered the build.
See for instance the JENKINS Authorize Project plugin.
However, as mentioned this answer:
The "Authorize Project" plugin does not change the OS level user that is running commands.
It only sets the Jenkins user that is running the job and any downstream jobs, using Jenkins authentication (whatever it might be).
So you are left with build step with runas or su -c commands in order to be sure that your task does run with the right user.
I had the similar issue and I can recall for managing more control on projects I used role strategy plugin and setup global security using LDAP servers (Active directory should also be ok).
And I used authorized project plugin.
Have a look and I hope it should solve your purpose. Let me know on comment section for any clarification.
you can partially fix your problem this way:
install the slave as a service using the Java Web Start method and JLNP
go to Services control panel in windows
under Properties -> Connection replace the local system connection with a specific user
rebooted the service
This at least gives you the ability to use one account instead of system.

How to set 'UpdateCauses ' user permission on Jenkins

I am trying to use the build failure analyzer plugin for Jenkins.
https://wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer
In the documentation it says
The link is shown only if the permission UpdateCauses is set for the current user.
But it doesn't give any information on how what that is or how to set it.
I'm the only user for my Jenkins.
Thanks!
Go to Manage Jenkins > Configure Global Security and under the Access Control section on Authorization there will be the users and their permissions (if you use matrix base security) you will see the Build Failure Analyzer permissions:
So short answer, you configure the plugin permissions using Jenkins configurations.

Jenkins project-based security

In jenkins you can enable a project-based security matrix.
Unfortunatly I can't find any documentation the option Credentials.
The documentation of the matrix based security describes these options:
Job: Create, start, cancel a Job
Run: Delete or update builds in build history
SCM: Create tags in repository
But I've found no documentation for Credentials:
Why should I manage Credentials per project? I thought it's a global configuration.
I confirm it's to configure the global credentials, there is no credentials per project.
By checking the option "Enable project-based security", this will allow you to customize the permissions per job (but not the credentials).
I hope it help :)

anonymous access to jenkins workspaces

I am using Jenkins installed on CentOS release 6.3 and Jenkins 1.474. I am using Project-based Matrix Authorization Strategy so that only users in specific AD groups are allowed to log in to Jenkins and view particular jobs.
However I am trying to give anonymous access to workspaces for jobs so I can do a wget and specify the http URL. This is so the hosts I am managing via Jenkins can get certain hosts.
I have added Anonymous to the Project-based Matrix Authorization Strategy section and ticked workspaces but this isn't working. When doing a wget I can access forbidden and when I put the URL in to a browser, I am asked to login. I have also configured Anonymous to have access to the workspace on the job itself, but still get access forbidden.
Has anyone got any ideas as to why his is not working?
We are using Jenkins version 1.475
We have the following enabled for anonymous access:
Overall:
Read -> Enabled
Job:
Read -> Enabled
Workspace -> Enabled
This allows access to anonymous users to view the Dashboard and the Jobs and also to the workspace...
As of Jenkins ver. 1.609.1, the changes can be made under
Configure Global Security | Configure Global Security (or htTps://<your jenkins host>/configureSecurity/).
Similar to sdmythos_gr's answer just set Overall Read and Job Read for Anonymous.

Resources