Jenkins is used by the different members of a team. A few team members will work as system administrators so they will have all rights and privileges required to manage the whole system, whereas others will have the least possible access to the system and can only view Jenkins jobs and execute them. This chapter explains how to create different users in Jenkins and how to assign them different rights based on their roles.
Creating Users in Jenkins
1. Go to the Manage Jenkins page on the Jenkins dashboard and then click the Manage Users link.
2. Click the Create User link shown on the left side of the page.
3. Enter the details in the Username, Password, Confirm Password, Full Name, and E-mail Address fields, as shown in Figure 9-1.
4. Click the Create User button.
Assigning Roles to Users in Jenkins
Before you can assign roles to your users, you have to create roles and then assign different rights (i.e., accesses) to these roles. To create different roles, you need to install the Role-Based Authorization Strategy plugin.
Installing the Role-Based Authorization Strategy Plugin
1. Log into Jenkins: Log in with the credentials of your Jenkins administrator. Once you are logged in, you will see the Jenkins dashboard.
2. Go to the Plugin Installation Manager: Click the Manage Jenkins link on the Jenkins dashboard and then click the Manage Plugins link to go to the Plugin Installation Manager (Figure 9-3).
3. Install the plugin: Go to the Available tab and type Role-based Authorization Strategy plugin into the Search field. This will filter out other options from the list of plugins and will show the Role-Based Authorization Strategy plugin at the top of the plugins list.
4. Click the checkbox to select the plugin, as shown in Figure 9-4.
5. Select the plugin and click the Install without Restart button, which will start the plugin installation.
6. Wait until Jenkins finishes installing the plugin and shows the Success status, as shown in Figure 9-5.
Enabling Role-Based Strategy in Jenkins
Click the Role-Based Strategy option. Then click the Save button.
Creating User Roles in Jenkins
1. Go to the Manage and Assign Roles page.
2. Click the Manage Jenkins link. You will see the new Manage and Assign Roles link under the Security section.
3. Click the Manage and Assign Roles link highlighted in Figure 9-7.
4. To create the role, click the Manage Roles link on the Manage and Assign Roles screen, as highlighted in Figure 9-8.
5. Enter a name for the role in the Role to Add field and click the Add button.
6. Click the appropriate checkboxes under each section to assign the required rights to the role.
7. Scroll down the page to find the Save button and click it.
Assigning Roles to Users in Jenkins
1. Go to the Assign Roles page.
2. Click the Assign Roles link on the Manage and Assign Roles page.
3. Enter the user’s ID into the User/Group to Add field and click the Add button.
Out of these three, I want to assign a newly created role to the pd user.
4. To assign a View role, click the checkbox in the View column, from the pd user row.
5. Page down to find the Save button and click it.
Checking the Assignment of a Role to a User
To see if the role was successfully assigned to the user, you can log in with the credentials of the user to whom the View role was assigned.
I tried to log in with the credentials of the pd user, which shows an Access Denied message.
Creating Project-Based Roles in Jenkins
In Jenkins, you can create different jobs to perform different CI/CD operations in your application. If you want to restrict the access of a particular user to only a few jobs, you can create a project-based role and assign it to that user.
1. Go to the Manage Roles page. Click the Manage Jenkins ➤ Manage and Assign Roles ➤ Manage Roles link to open the Manage Roles page.
2. Create a new role to access specific jobs. Say you want to create a role that will allow access only to testing jobs that run unit testing and e-e testing.
3. Under the Item Roles section, enter a name for the role in the Role to Add field and .*Testing in the Pattern field (see Figure 9-13). This will allow access to the jobs that have the word testing in them, such as unittesting, e-e testing, etc.
4. Click the Add button.
5. Give all rights to the job by checking all the checkboxes in the Job column for the newly created role.
6. Scroll down the page to the Save button and click it to save the changes.
Assigning Project-Based Roles to Users
1. Go to the Assign Roles page. Click the Manage Jenkins ➤ Manage and Assign Roles ➤ Assign Roles link, which will open the Assign Roles page.
2. Under the Item Roles section, in the User/Group to Add field, enter the user ID of the user. Click the Add button.
3. Let’s assign the TestingOnlyRole to the dingarepranoday user. I have entered dingarepranoday in the User/Group to Add field and clicked the Add button.
4. Click the TestingOnlyRole checkbox in the dingarepranoday user’s row.
5. Under the Global Roles section, in the User/Group to Add field, enter dingarepranoday and click the Add button.
6. Assign the view role to this user, as this role contains an Overall type of access in its definition.
7. The dingarepranoday user now has two roles assigned: the View role from Global roles and the TestingOnlyRole from the Item Roles section (see Figure 9-14). Note that if users do not have overall access, then they will not be able to see anything on the dashboard.
8. Scroll down the page and click the Save button.
Verifying the Assignment of the Project-Based Role to the User
There are three jobs, called CreateAPIJar, E-E Testing, and UnitTesting, and I am currently logged in as user PranodayDingare. Let’s log in with the credentials of the dingarepranoday user.
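The following is an added example, not code from the book or from the Role-Based Authorization Strategy plugin. It models the setup above in Python to show which of the three jobs the combined View and TestingOnlyRole assignment exposes, and how to check a pattern such as .*Testing against job names before saving it. It assumes the plugin matches an item-role pattern against the whole job name, case-sensitively; the role tables, the permissions chosen for TestingOnlyRole, and the two extra job names are constructed.

```python
import re

# Constructed model of the chapter's setup (simplified; not the plugin's code).
GLOBAL_ROLES = {"View": {"Overall/Read"}}
ITEM_ROLES = {
    "TestingOnlyRole": {"pattern": r".*Testing",
                        "permissions": {"Job/Read", "Job/Build", "Job/Configure"}},
}
JOBS = ["CreateAPIJar", "E-E Testing", "UnitTesting"]


def pattern_reach(pattern, jobs):
    """Jobs an item-role pattern covers (whole-name, case-sensitive match)."""
    return [job for job in jobs if re.fullmatch(pattern, job)]


def visible_jobs(global_roles, item_roles, jobs):
    """Jobs a user can read, given the role names assigned to that user."""
    overall = set()
    for name in global_roles:
        overall |= GLOBAL_ROLES[name]
    # Without Overall/Read the dashboard shows nothing, whatever item roles exist.
    if "Overall/Read" not in overall:
        return []
    readable = set()
    for name in item_roles:
        role = ITEM_ROLES[name]
        if "Job/Read" in role["permissions"]:
            readable.update(pattern_reach(role["pattern"], jobs))
    return [job for job in jobs if job in readable]


def unintended(pattern, jobs, intended):
    """Jobs the pattern grants that the administrator did not mean to expose."""
    return [job for job in pattern_reach(pattern, jobs) if job not in intended]


if __name__ == "__main__":
    print(visible_jobs(["View"], ["TestingOnlyRole"], JOBS))
    print(visible_jobs([], ["TestingOnlyRole"], JOBS))
    # Constructed job names: one ends in "Testing" by accident, one differs in case.
    later = JOBS + ["Deploy-SkipTesting", "unittesting"]
    print(unintended(r".*Testing", later, {"E-E Testing", "UnitTesting"}))
```

Running the same check whenever jobs are added or renamed shows when a broad pattern starts covering a job it was never meant to reach.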
Understanding Matrix-Based Security in Jenkins
The previous section discussed how to create different roles and manage access at the job level, node level, etc.
Anonymous users: A special type of user who is not authenticated.
Authenticated users: All authenticated users from the Jenkins system.
Click the OK button from the prompt. Select the checkboxes for the user from the available sections to set the access rights.
Scroll down the page and click the Save button.
Now log in with DingarePranoday’s credentials. Once I log in with this user’s credentials, I can see only a few menu options on the left side.
Other menu options, such as Manage Jenkins, are not available to this user.
Understanding the Project-Based Matrix Authorization Strategy in Jenkins
This mode is an extension to matrix-based security, which allows additional matrixes to be defined for each project.
You can see the Project-based Matrix Authorization Strategy option in the Authorization section of the Configure Global Security page.
Clicking the OK button will add the user entry. You can see that the DingarePranoday user entry was added.
Select the checkboxes from the available sections to set the access rights.
Click the Save button on the page.
We will enable project-based security settings.
This setting is shown to all the jobs only if the Project-based Matrix Authorization Strategy option in the Authorization section of the Configure Global Security page is turned on.
Enable this setting by clicking the checkbox.
To add a user to this setting, click the Add User or Group button. It will open the browser prompt dialog box. Enter the user ID.
I added the DingarePranoday user to this setting by listing this name in the prompt dialog and clicking the OK button.
I want to give only Build and Read permissions to the DingarePranoday user, so I selected these checkboxes.
Let’s log in with the DingarePranoday user credentials now.
Summary
This chapter explained how to create multiple users and assign them different rights according to the role they play on a team. You also learned about the project-based matrix authorization and matrix-based strategies, which allow Jenkins to establish good access control over a Jenkins system. The next chapter introduces the Jenkins job. Stay tuned!!