Jenkins: Managing Access Control and Authorization

Jenkins supports several security models, and can integrate with different user repositories. Go to Jenkins Dashboard and Click on Manage Jenkins and Click on Configure Global Security.
Click on Enable security.

All options will be visible once we enable security as shown in below figure.

Click on Jenkins‘ own user database . Click on Save.

Jenkins Configure Global Security

Now click on the link Signup on the top right corner. Provide username, password, full name, and email address.

Click on the log in link on the dashboard.

We will get the Jenkins dashboard with Username on the top right corner.

Click on the People to verify all Users.

On Jenkins dashboard, click on Manage Jenkins. Click on Manage Users.

We can edit user details on the same page. This is a subset of users which also contains auto-created users.
Maintaining Role and Project based Security
For authorization, we can define Matrix based security on Configure Global Security page.
Add group or user and configure security based on different section such as credentials, Slave, Jobs, etc.
Click on Save.

We can use multiple users for matrix based security as shown in below figure.

Jenkins Configure Global Security Role Based Access

Try to access Jenkins dashboard with newly added user who has no rights and we will find authorization error.

Now, provide Overall Read rights; Build, Read and Workspace rights for Job for newly added users.

Login with the newly added user and verify that we can see the Dashboard. We can’t see Manage Jenkins link as we have provided those rights.

Click on any build Job. Build link is available as we have given rights but configure link is not available as rights were not given for it.

We can also set Project-based Matrix Authorization Strategy.

Go to specific build jobs’ configuration and Enable project-based security.

Jenkins Configure Global Security Role Based Access

Assign rights to different users and Login with the specific user name to verify whether authorization strategy is working or not.

Verify the Build details also as shown in below figure.

We have covered basics of security configuration in Jenkins. Explore more on the other options as exercise . In case, wrong configuration settings are in authorization take place then to correct it edit config.xml. Consider it as a self-study.

Leave a comment

Your email address will not be published. Required fields are marked *