70

I choose to use "Jenkins's own user database" security realm for user login as I couldn't use LDAP in my company. And Google's OpenID has issue when you decided to change the hostname or port number to something else.

And I use "Project-based Matrix Authorization Strategy" schema for my security.

But I don't seem to able to create my own group, and add users to the group to manage the permission.

Nakilon
  • 34,866
  • 14
  • 107
  • 142
samxiao
  • 2,587
  • 5
  • 38
  • 59
  • 1
    I just checked and I can't find group support for internal users either. How many people will be in your group. Can't you just add permissions individually? If you need group support you may need to use one of the alternative authentication mechanisms supported by Jenkins. – shonky linux user Aug 08 '12 at 00:29
  • I have over about 80 users, and at least 30+ projects, the matrix for adding each individually is a pain overall. Do you guys have other ways to do this? Or do you recommend me to use OpenID or other security realm for authentication? Thanks – samxiao Aug 08 '12 at 00:39

3 Answers3

75

According to this posting by the lead Jenkins developer, Kohsuke Kawaguchi, in 2009, there is no group support for the built-in Jenkins user database. Group support is only usable when integrating Jenkins with LDAP or Active Directory. This appears to be the same in 2012.

However, as Vadim wrote in his answer, you don't need group support for the built-in Jenkins user database, thanks to the Role strategy plug-in.

Sébastien Mascha
  • 135
  • 1
  • 7
Steve HHH
  • 12,947
  • 6
  • 68
  • 71
32

You could use the Role-based Authorization Strategy plugin for that purpose.

It works like a charm, just set up some roles and assign them. Even on project-specific level.

Mike
  • 14,010
  • 29
  • 101
  • 161
Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
5

I installed the Role plugin under Jenkins-3.5, but it does not show the "Manage Roles" option under "Manage Jenkins", and when one follows the security install page from the wiki, all users are locked out instantly. I had to manually shutdown Jenkins on the server, restore the correct configuration settings (/me is happy to do proper backups) and restart Jenkins.

I didn't have high hopes, as that plugin was last updated in 2011

Tux
  • 51
  • 1
  • 1
  • 4
    Jenkins 3.5? Latest version is 1.509 now. – Vadim Kotov Apr 03 '13 at 12:13
  • 1
    It's not recommended to switch authentication style until roles will be set properly. Otherwise you'll get your system locked, even in current session. – Nikolay Ruban Aug 05 '14 at 08:42
  • 1
    @Nikolay Ruban - It can be tricky to accomplish that first sentence with Role-based Strategy authorization, since you can't get to the screen to create/assign roles until you set that authorization strategy on the Configure Global Security page. I believe if you first set up matrix based security and assign Overall Administer permissions to Anonymous (or the user with which you are currently logged in), that is ported to the initial role based role assignments. That is my recollection. – tbradt Feb 03 '15 at 17:49
  • 1
    Also, there is a way to disable security in Jenkins if you get yourself locked out - just google "jenkins disable security". I've had to do that myself. ;-) – tbradt Feb 03 '15 at 17:53
  • 1
    You must change the security strategy to "Role-based strategy" before the "Manage Roles" icon appears under "Manage Jenkins" – dpinya Aug 25 '17 at 10:56