Restrict view of certain jobs under folder.

[gotvi...@gmail.com]

Hi,

We have the following requirement.  Any recommendations?

We have a Folder 'A' created in Jenkins for an application team 'A'.  We have two subdivision under this application team 'A1 and A2'.  There are 4 users, 2 under each subdivision - A1-User1, A1-User2 and A2-User1, A2-User2.  Both these divisions have their jobs running in Folder A.  The requirement is, when users from A1 login, they (strictly) should not be able to see the jobs of A2 and vice versa.  What is the best approach?

We are using https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin this plugin.  Unfortunately, as per this plugin we can only restrict users from other team to modify the jobs.  Cannot completely hide the jobs.  Any suggestions?

[Daniel Beck]

> On 19. Oct 2018, at 19:16, gotvi...@gmail.com wrote:
>
> We are using https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin this plugin. Unfortunately, as per this plugin we can only restrict users from other team to modify the jobs. Cannot completely hide the jobs. Any suggestions?

This is possible, you just need two different roles, and regexes that match the folder and A1/A2 specifically without including the other. Then grant Item/Read based on that, and don't make it a global role permission.

[gotvi...@gmail.com]

As per the documentation of that plugin, below, the moment I grant access to ^foo.* they'll be able to see everything under foo right?  In my case, everything under 'A'.  Or, may be am not getting it right.  Could you please help me on how to set it up?

First, assign that user/ group to read/ discover permissions with pattern " ^foo.* ", then assign that same user/ group to the more particular permissions with pattern " ^foo/bar.* "