Scenario / Questions
We are running a Jenkins CI. Generally we would like to provide
- full access to authenticated users from particular group
- full-read access to anonymous users
- block anonymous users to access certain projects (completely)
We use Unix user/group database and Project-based Matrix Authorization Strategy. Points (1) and (2) works well but we are having trouble achieving (3).
We have tried:
- in Global Security removing all rights to anonymous and then granting it in project-based security but after that all anonymous requests (even to main Jenkins page) yields login page
- in Global Security adding in steps following rights: View-Read (didn’t work), Job-Discover (didn’t work), Job-Read (didn’t work), Overal-Read – this last one seemed to work however it gave the anonymous user too much rights and we weren’t able to limit access to the particular project.
we want fully open (read-wise) Jenkins CI with a few projects completely hidden/blocked for anonymous.
Find below all possible solutions or suggestions for the above questions..
OK, so I’ve managed to do it:
- you need Role-based Authorization Strategy Plugin
- enable this authentication strategy in Configure Global Security
- in Manage and Assign Roles / Manage Roles create new role anonymous and authenticated for both global and project roles
- in Global roles grant anonymous role right only to Overall / Read (this will at the very least access anonymous user main jenkins screen with navigation and link to login page, not login prompt immediately)
- in Project role add anonymous role with regexp pattern that will match projects you want anonymous users to access and after adding this role grant it right to Job / Read and Job / Discover
- navigate to Manage and Assign Roles / Assign Roles and assign Anonymous user group to anonymous role (and authenticated users to specific groups). SAVE
Disclaimer: This has been sourced from a third party syndicated feed through internet. We are not responsibility or liability for its dependability, trustworthiness, reliability and data of the text. We reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever.