Jenkins Role-based Authorization Strategy
Jenkins, by default, provides a basic level of access control through its built-in security options, but for more granular control, you’ll need to use the Role-based Authorization Strategy plugin. This plugin allows you to define roles with specific permissions and assign these roles to users or groups, offering a more detailed and customizable approach to security.
Agenda
Step 1 : Install the Role-Based Authorization Strategy Plugin
Step 2 : Create User
Step 3 : Configure Global roles & Item role
Step 4 : Assign Roles to Users or Groups
Step 5 : Ensure the assigned role with the newly created user.
Jenkins Role Based Strategy creation
Step 1 : Install the Role-Based Authorization Strategy Plugin
Go to Manage Jenkins > Plugins.
In the Available tab, search for Role-Based Authorization Strategy > Click Install
Go to Manage Jenkins > Security
Under Authorization > Select Role-Based Strategy > Click Save
Now check Manage Jenkins page > Now the "Manage and Assign role" will show
Step 2 : Create User
Go to Manage Jenkins > Users
Click on Create user
Enter Username, Password, Full Name and mail id > Click Create user
I have created two users
Step 3 : Configure Global roles & Item role
Go to Manage Jenkins > Manage and Assign Roles > Manage Roles.
Global Roles: Permissions that apply to the entire Jenkins instance.
Global role creation:
Enter role > Click Add
I have created an "employee" role in global roles. I have given read access only.
Item Roles : Permissions specific to certain projects or jobs
Item role creation :
Role to add - Add role name > Pattern - dev.* > Click - Add
In pattern [dev.*] - means, Matches any character "dev"
I have created an developer & tester role in item roles. I have given full access to both
Step 4 : Assign Roles to Users or Groups
Go to Manage Jenkins > Manage and Assign Roles > Assign Roles
I have added two users in Global Roles & given access to employee role
I have given access to the developer role for the "Ragul" user in Item roles. It means "Ragul" users can access only "dev" jobs.
Same like, I have given access to the tester role for the "Ajith" user in Item roles. Ajith users can access only "test" jobs.
Step 5 : Ensure the assigned role with the newly created user.
Now, login through "ragul" user.
Ragul users can only run the task called "dev"
Now, login through "ajith" user.
Ajith users can only run the task called "test"
No, we have successfully configured "Role-based Authorization Strategy"