Using Jenkins 2.7.x I am trying to configure the Role based Strategy Plugin, but facing some issue.
Scenario is, there are 2 teams products I & P each can have Dev, Admin & Lead.
So created 6 LDAP (project) roles & one CI_Admin global role.
and assigned these roles to LDAP user group
Now when the admin logs in he gets error
What am i missing ?
I can see that in global roles in (Fig 3 Highlighted in the below image) read permission is missing. so to login to Jenkins user/group should have read permission.
Related
Current State: I have implemented project based roles strategy (also called the item roles) and have the appropriate project folder level regex etc set up. And I have verified the regexes and other permissions work fine for most logged in users, except the below scenarios I am running into.
Plugin Version: 3.2
Jenkins Version: 2.263.4
Jenkins Authentication Provider: LDAP Connecting to Active Directory
Example regex(es): for project role dev = ^ABC\-DEF\/DEV\/.*
Issue: Certain users are only having issues while going through the project role based authorization plugin where they are not able to see the option to run builds or job configurations. While the same configurations work for a couple of other user who have the same permissions.
Example:
Users - adm-XXXX and adm-YYYY and a few more all starting with the prefix of adm- are not able to get the roles for the configure and run builds on the jobs based on the above regex.
While Users - adm-zzzz and others are able to get the same roles using the same permission matrix.
The issue is very inconsistent as some days it would work, and even the same configurations when I tested in another Jenkins instance it worked for the user - adm-XXXX so I am at a loss on how to debug why it does not work for a few users consistently. I can understand if it is a configuration issue it should not work for all users having the same role.
Are there any tips on enabling some extra debug to troubleshoot this since there are literally a couple of loggers in the code of the plugin.
Appreciate the help here from any one knowledegable.
I have same issue, where associating an LDAP/AD user to a local global role or item/project role with build and configure permissions enabled does not enable this permission in the project itself. The option to build and configure is not available.
The only way I got around this was to add the users into AD groups and associating the AD Group to a role with required permissions.
Enabling the exact same permissions on the AD group role that I had on the local role, enabled the build and configure option in the projects.
I am not sure if this is a bug, an AD integration issue that you cannot mix/match local and AD roles or I am missing some option or if anyone has managed to get around this anomoly - but this workaournd seems to overcome this.
I am trying to assign roles to users in Jenkins using the 'role based strategy' plugin. When I do that, I am getting a red text that says "No type prefix:" in front of every user that I am assigning a role to. Please advise how this can be removed.:
I am very new to Jenkins so any suggestions will be very helpful.
Regards
Ramesh
use "USER:" for user and "GROUP:" for group .. eg "USER:ABC" ..this changed with the recent plug in update ..
In order to resolve we have to add twice.
In your example
Under Global roles
Enter only jenkins and click on Add and click on admin checkbox
Enter USER:jenkins and click on Add and click on admin checkbox
Apply
Save
Similarly for all other users which needs admin role can be mapped.
The same approach can be used under Item and Node roles if it is configured
By doing this we would still see > No type prefix: jenkins however role based permission would work in desired way.
If you are locked out then use following link to get access again-
https://www.jenkins.io/doc/book/security/access-control/disable/
and follow above steps.
Just update plugins:
Matrix Authorization Strategy Plugin
Role-based Authorization Strategy
I have a community edition of sonarqube (version 8.8) setup running on GKE. I have created a public project using the Administrator user and running a jenkins job for python code analysis. Below is my sonarqube-scanner properties in Jenkins job:
sonar.projectKey=ws-python
sonar.scm.disabled = True
sonar.sources=./$branch/${BUILD_NUMBER}/backend/
sonar.language=py
sonar.host.url=http://<ip-address-of-sonarqube>
sonar.login=<project-key>
I created few users which by default belongs to sonar-users group and provided them the below access:
Upon successful analysis of the code, as an administrator user, I am able to see the dashboard with all the issues like bugs, vulnerabilities , security hotspots etc. But when I am seeing the same dashboard as any users belonging to the group sonar-users, I am unable to see anything in the dashboard. And I am getting below error:
Also, I have provided the access to all the users of the group sonar-users for the project.
Can anyone help me how I can make these projects accessible to all the users?
I have configured Jenkins on centos 7.
Being administrator, I have created few users and gave them permissions to their projects like: build, read etc.
I have used a Project-based Matrix Authorization Strategy. Its working but I'm facing the following problem:
If any user clicks on people information (button on left is dashboard) then any user can view all the other users ids, name etc. I want to block this from happening and I can't find a solution to this problem.
Can it be a configuration problem?
Here is one solution using the Role Strategy plugin.
I'm using this plugin for our Jenkins server and it's really useful to define permissions.
On my staging Jenkins, I've create 2 users:
A full admin
A viewer
I've created 2 roles with the plugin:
Next, I assign the roles to the relevant users:
The viewer role only have a global read access + build on the jobs.
If I open a session with the admin one, I can see all the people:
With the viewer user, I don't see anything:
UPDATE:
If you want to assign some permissions on a specific project, you can create project roles (in the Manage Roles section):
You can filter the projects with a regular expression:
job(.*)postcommit
Next, in the Assign Roles section, you just have to assign the relevant project role to the relevant user.
I hope it helps :)
When I go to mydomain.example:8080 there is no authorization mechanism by default. I have had look at the configuration area but cannot find anywhere to add a basic username and password
Go to Manage Jenkins > Configure Global Security and select the Enable Security checkbox.
For the basic username/password authentication, I would recommend selecting Jenkins Own User Database for the security realm and then selecting Logged in Users can do anything or a matrix based strategy (in case when you have multiple users with different permissions) for the Authorization.
Assuming you have Manage Jenkins > Configure Global Security > Enable Security and Jenkins Own User Database checked you would go to:
Manage Jenkins > Manage Users > Create User
Try deleting the .jenkins folder from your system which is located ate the below path.
C:\Users\"Your PC Name"\.jenkins
Now download a fresh and a stable version of .war file from official website of jenkins. For eg. 2.1 and follow the steps to install.
You will be able to do via this method
You need to Enable security and set the security realm on the Configure Global Security page (see: Standard Security Setup) and choose the appropriate Authorization method (Security Realm).
Depending on your selection, create the user using appropriate method. Recommended method is to select Jenkins’ own user database and tick Allow users to sign up, hit Save button, then you should be able to create user from the Jenkins interface. Otherwise if you've chosen external database, you need to create the user there (e.g. if it's Unix database, use credentials of existing Linux/Unix users or create a standard user using shell interface).
See also: Creating user in Jenkins via API
If installed as an admin, use:
uname - admin
pw - the passkey that was generated during installation