Allow me start the discussion by stating a real world problem, OR I must say a real world need. Most of the times, we have multiple teams working on different projects. As a matter of security, we don’t want any team peeps in someone else’s projects.
If you’re using Jenkins for your build promotions, you would certainly need to isolate various teams working on different projects. It is obvious that you cannot setup multiple Jenkins instances dedicated to each team. All of the projects will be configured in Jenkins as multiple Jobs.
The best way to grant access on specific projects to specific people is to use Role Strategy Plugin. It is just a piece of cake to configure this Plugin and it allows you to manage your Jenkins instance effectively.
So, here is a step-by-step guide to configure Role Strategy Plugin.
6. Click on Manage Roles and add a new Global Role. I call this role “Developer”
7. Provide Read access under “Overall” tab
9. Add Project Roles based on each project.
10. There are two configurable items in Project Roles
a. Role name – This is usually name of the project (e.g. myproject)
b. Pattern – It matches all the projects starting with same name. If you have multiple instances of same project then you can specify something like “myproject*”
11. Provide Build, Cancel and Read access under “Job” tab
For any reason, if we have to provide “Configure” permission later on, we can simple select “Configure” and it will get applied for all users.
15. Save the settings.
16. Now when that user logs in, he/she will be able to see only those projects which have been granted access on.
As per our configuration, user “testuser (TEST)” is only able to see “myproject” project. He can only start and cancel the build process but cannot configure anything.