DarkMatter in Cyberspace

Jenkins user account configurations

Project-based Matrix Authorization

This strategy let user A only see his own project, and in his project, he can only run, but can't modify the configuration of the project.

Manage Jenkins -> Configure Global Security:

Check "Jenkins own database" under "Access Control" and uncheck "Allow users to sign up".

Check [Authorization -> Project-based Matrix Authorization Strategy]

Ensure [Overall -> Read] is checked for user "Anonymous", or a 404 error will raised, and administrator user has all the rights.

In user A's project (job), check "Enable project-based security", [Add] user A, check "Build", "Cancel", "Discover" & "Read" in "Job" group, and all items in "Run" group.

If the job is in a Folder, you have to give user A Job -> Read permission of that folder. For example, to make user leo see and run job "deploy beta" in folder "deploy jobs", check Job -> Read of the user leo in "Enable project-based security" section in Configuration of "deploy jobs".

Lightweight Security Management

  1. Start Jenkins;

  2. Jenkins -> Manage Jenkins -> Global Security -> enable security;

  3. Select "Security Realm ->Jenkins's own user database";

  4. Check "Allow user to sign up";

  5. Check Authorization -> Logged-in users can do anything;

  6. Click "Save";

  7. Sign in as "admin";

  8. Manage Jenkins -> Global Security -> uncheck "Allow user to sign up";

Now anonymous users are read-only for Jenkins. This security strategy are suitable for one user scenario.

===Deprecated===

  1. Start Jenkins Service: nohup java -jar jenkins.war 1>jenkins.log 2>jenkins.log &

  2. Jenkins -> Manage Jenkins -> Global Security -> enable security;

  3. Select "Security Realm ->Jenkins's own user database";

  4. Check "Allow user to sign up";

  5. Select "Matrix-based security" as the authorization;

  6. Give anonymous user the read access;

  7. In Textbox follow "User/group to add", write "admin" and click "add" button;

  8. Give admin full access right by checking all items in the row;

  9. Click "save" button at the bottom;

  10. Now you should be locked out of Jenkins. But you can find a "sign up" link at the upper-right corner on the main page;

  11. Sign up a user named "admin"(the same you config at preceding steps), set password, then you can login as administrator.

Quick and Simple Security does not work on my Ubuntu Desktop PC.

Reference:

Standard Security Setup;

Help! I locked myself out!

Published

Last Updated

Category

Tech

Tags

Contact