There are many articles on role-based authorization strategy. Here are some special points.
1. Differences among global roles, item roles and node roles
Since it is role-based permission control, Jenkins naturally defines a variety of roles to control permissions from the perspective of roles. Among them,
Global roles: global roles, such as admin, job creator, anonymous, etc. set permissions for all, credentials, agents, tasks, runs, views, SCM, and lockable resources from a global perspective.
Item roles: create an item role, which allows you to grant job and run permissions from the perspective of the item.
Node roles: create a proxy role that allows you to set node related permissions.
The configuration in global roles acts on all items in Jenkins and overrides the configuration in items roles. If you assign the job read permission under global roles to a role, this role allows you to read all jobs, no matter how you set it in project roles.
2. Several points for attention
1) All non admin roles must be given global read permission in a global role.
2) Permission to create job item: the job create permission in global roles must be assigned to this role.
Selecting create item permission only in item roles does not work. Because creating an item is a global function, after creating an item, determine which role management role it belongs to according to the regular expression.
Otherwise, an error will be reported: Lakes permission to run on ‘Jenkins’
3) If run as user who triggered build is selected in the global security configuration, the agent build permission in the global roles must be assigned to the role.
Node roles have not been used yet, and will be added later.
- Realization of springboot authorization verification technology based on JWT
- From in Python__ future__ The role of import *
- No matching editors or conversion strategy found
- Solution: Spring no matching editors or conversion strategy found
- How to solve SVN authorization failed error
- Error from server (alreadyexists) clusterrolebindings.rbac.authorization .k8s.io “kubelet
- failed to lazily initialize a collection of role: ……, no session or session was closed
- Wechat third party authorization to generate QR code API
- Opencv perfect configuration strategy 2015 (win7 + opencv 2.4.9 + vs 2013)
- Solution to a Jenkins serious error recorded by automation platform
- Connection authorization failure occurred. Reason: local security service non retryable error solution
- Mobile phone code scanning applet login authorization error
- Troubleshooting of Jenkins upgrade to 2.42 JUnit test report
- Jenkins series installation and deployment in docker mode
- An error of 500 is reported when an item is assigned to a role
- Jenkins git configuration error status code 128 ‘text file busy’
- ##Configure VLAN partition based on IP subnet
- VMware Workstation failed to start VMware Authorization Service
- When Jenkins deploys the project, GIT reports an error fatal: index file smaller than expected