0

I have Jenkins CI/CD dry run job that each developer can trigger. The question is, can each developer have permissions to stop/abort only his flows which he triggered or Jenkins doesn't support it?

arielma
  • 1,308
  • 1
  • 11
  • 29
  • Short answer: not likely. What is your security/authorization model? – Ian W Oct 27 '21 at 00:06
  • How come jenkins doesn't support it?... it sound like a legit request – arielma Oct 27 '21 at 06:33
  • Because typically people trust their co-workers to do the right thing. As I asked, what is your [security/authorization model](https://www.jenkins.io/doc/book/security/managing-security/#authorization)? We work on teams who own products/applications, we use RBAC (marrix-based) authorization, based on roles, not people. We do not rely on individuals, rather team members acting in a role. Can you imagine otherwise? A CI/CD environment and "Oh, sorry, Dave's on vacation. Yes, I understand the system is haywire and must be fixed now, but you know people!". – Ian W Oct 27 '21 at 06:52
  • Now, if you are aaking, "As a user with multiple jobs running, how can I quickly and efficiently stop only the jobs I triggered?", That can probably be achieved using a groovy-based script. – Ian W Oct 27 '21 at 06:55

1 Answers1

1

The lowest level of authorization is project-based security via the Matrix Authorization Strategy plugin with Job: Build/Cancel and Run: Delete/Replay/Update.

You could use the build user vars plugin together with the Build Name and Description Setter plugin to add the ${BUILD_USER} to the build's name and/or description (with ☑️ Set build name before build starts) so that each dev knows which build to abort in case.

See also How to get the BUILD_USER in Jenkins when job triggered by timer?.

To restrict the build history to the currently logged on user set the build name to #$BUILD_NUMBER - Started by $BUILD_USER and see my user script Jenkins - Restrict build history to current user:

Current user

Build History for current user

Gerold Broser
  • 14,080
  • 5
  • 48
  • 107
  • Ok, but its still means user can abort by mistake other user job, right? – arielma Oct 27 '21 at 14:40
  • @arielma Right. A possible workaround could be using the above and a userscript that checks `
    ` and removes `` of not current users.
     – Gerold Broser Oct 27 '21 at 17:28
  • @arielma Done. See the update to my answer. – Gerold Broser Oct 29 '21 at 02:12
  • Not sure I understood how to use it on existing job. where I should put the script in case I have pipeline script? I've found this example: https://stackoverflow.com/a/62333631/11705021 – arielma Jan 15 '23 at 19:31