Am I understanding Project Based Security Correctly?
25 views
Skip to first unread message
greg.f...@goodautomation.com
Dec 12, 2014, 12:17:49 PM12/12/14
to jenkins...@googlegroups.com
As far as I can tell, if I am using the built in project based security, I HAVE to give users overall read permissions, then in the security for a particular project, I can modify the settings? This seems really dumb. What I want to do is have a "Demo" user, who can see nothing but the projects I make available to them, but by default when I create a new project they can see it. If I take away overall read permissions, then it seems project specific read permissions won't work. I can't find a way to do this without going into each project, adding the demo user and taking away read privileges. I'm hoping I'm just misunderstanding something. I plan to use the role strategy plugin long term, but I am just trying to get things up and running right now.
Suggestions?
Maybe rather than trying to decipher what I have written above, it's better to just describe what I want to do. I want new users to, by default, see nothing unless specific projects are made available to them. I haven't found a way to do this because it seems they need the overall read permission to see anything.
Daniel Beck
Dec 12, 2014, 12:32:36 PM12/12/14
to jenkins...@googlegroups.com
Overall/Read does not give them access to any project (just Jenkins itself). So give the demo user 'Overall/Read' globally, as well as 'Job/Read' (or just 'Read') for the specific projects. Do not give them 'Job/Read' globally.
The only thing missing is that they don't automatically have access to newly created projects, which seems a very unusual requirement (and surprising to your users?). You can use Create Project Advanced Plugin to give config access to a newly created project to its creator if that's what you need.
Alternatively, you could give them 'Job/Read' globally, and then configure the projects to not inherit permissions from their parent (added in a recent plugin version IIRC). But that's likely going to be rather annoying and error-prone.
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6b6467ad-b010-426f-910a-1a9e11a7694e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
The only thing missing is that they don't automatically have access to newly created projects, which seems a very unusual requirement (and surprising to your users?). You can use Create Project Advanced Plugin to give config access to a newly created project to its creator if that's what you need.
Alternatively, you could give them 'Job/Read' globally, and then configure the projects to not inherit permissions from their parent (added in a recent plugin version IIRC). But that's likely going to be rather annoying and error-prone.
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6b6467ad-b010-426f-910a-1a9e11a7694e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
greg.f...@goodautomation.com
Dec 12, 2014, 3:25:40 PM12/12/14
to jenkins...@googlegroups.com, m...@beckweb.net
"The only thing missing is that they don't automatically have access to newly created projects, which seems a very unusual requirement (and surprising to your users?)."
Sorry, this was unclear. This is what I'm currently seeing (Demo user is seeing new projects), but not what I want. I'll look into the settings you mentioned and see what I can figure out.
Reply all
Reply to author
Forward
0 new messages