74

In Jenkins, is there a way to restrict certain jobs so that only specific users can view them?

Jenkins allows the restriction of user-abilities-per-project via the "Project-based Matrix Authorization Strategy". The problem is that a user cannot access anything without the 'Overall' 'Read' setting. This seems to allow them to view all jobs.

Is there another plugin that would allow job visibility restrictions?

alex
ulrichenslin

7 Answers

67

I think this is what you are searching for: Allow access to specific projects for Users

Short description without screenshots:
Use Jenkins "Project-based Matrix Authorization Strategy" under "Manage Jenkins" => "Configure System". On the configuration page of each project, you now have "Enable project-based security". Now add each user you want to authorize.

Michael Mrozek
Christian
  • 1
    Looks like you still need to open up the Overall read setting as OP suggests. I've tried everything and can't get the project-based security settings to do anything without checking that Overall read. Could be that I'm using LDAP, but it works fine at the global level. – quickshiftin Aug 06 '12 at 06:18
  • 4
    You do have to check the Overall Read, but then on the project you are securing, just make sure to check "Do not inherit global permissions". That way, the user you don't want to see the project will not see it. – metaforge Feb 09 '15 at 19:47
  • 5
    "Project-based Matrix Authorization Strategy" is not under "Manage Jenkins" => "Configure System", it is under "Manage Jenkins" => "Configure Global Security" – cowlinator Jan 15 '20 at 02:47
16

Only one plugin helped me: Role-Based Strategy:

wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin

But the official documentation (wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin) is deficient.

The following configurations worked for me:

configure-role-strategy-plugin-in-jenkins

Basically you just need to create roles and match them with job names using regex.

Manohar Reddy Poreddy
JRichardsz
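
The role-to-job regex matching described in the answer above, sketched as an added example that is not part of the original answer or the plugin's own code: it lists which jobs each user's roles expose and flags anything beyond an expected set. The job names, roles, users and the whole-name match (`re.fullmatch`) are assumptions; check the matching behaviour against your plugin version.

```python
import re

# Constructed sample data (assumptions, not taken from any real Jenkins instance).
JOBS = ["team-a-build", "team-a-deploy", "team-b-build", "infra/team-a-secrets"]

# Project roles as (pattern, members). Assumption: a role applies to a job only
# when its pattern matches the whole job name, modelled here with re.fullmatch.
ROLES = {
    "team-a": (r"team-a-.*", {"alice"}),
    "team-b": (r"team-b-.*", {"bob"}),
    "team-a-loose": (r".*team-a.*", {"carol"}),  # broader than intended
}

# Jobs each user is supposed to see, written down independently of the patterns.
EXPECTED = {
    "alice": {"team-a-build", "team-a-deploy"},
    "bob": {"team-b-build"},
    "carol": {"team-a-build", "team-a-deploy"},
}


def visible_jobs(user, roles=ROLES, jobs=JOBS):
    """Return the sorted job names matched by any role the user belongs to."""
    seen = set()
    for pattern, members in roles.values():
        if user in members:
            rx = re.compile(pattern)
            seen.update(job for job in jobs if rx.fullmatch(job))
    return sorted(seen)


def audit(expected=EXPECTED, roles=ROLES, jobs=JOBS):
    """Return {user: [jobs visible but not expected]} for over-broad patterns."""
    findings = {}
    for user, allowed in expected.items():
        extra = [job for job in visible_jobs(user, roles, jobs) if job not in allowed]
        if extra:
            findings[user] = extra
    return findings


if __name__ == "__main__":
    for user in sorted(EXPECTED):
        print(user, "->", visible_jobs(user))
    print("unexpected visibility:", audit())
```

Running the same comparison against an exported job list before saving a new role pattern shows whether a leading or trailing `.*` exposes jobs in other folders.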
8

You could use Project-based Matrix Auth Strategy and enable Read Overall permission, but disable Read Job on the system level. After that you should enable Read Job for each specific project you want to make visible for the current user. Please refer to this resolved issue for more info. Some info from there:

I am implementing READ permission at the job level. When this is done, a user that lacks the READ permission for a particular job will not: see that job in any view, be able to access the job page directly, see any reference to the job (for instance in upstream or downstream dependencies)

Also, I recommend going further and checking out the Role Strategy Plugin. It can simplify user/role management; you can use the approach described above to give access to certain jobs.

Vadim Kotov
2

I use a combination of several plugins - for the basic assignment of roles and permissions I use Role Strategy Plugin.

When I need to split some role depending on parameters (e.g. everybody with job-runner is able to run jobs, but only user UUU is allowed to run the deployment job to deploy on machine MMM), I use Python Plugin and define a Python script as the first build step and end with sys.exit(-1) when the job is forbidden to be run with the given combination of parameters.

Build User Vars Plugin provides me the information about the user executing the job as environment variables.

E.g.:

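import os
import sys

# BUILD_USER is set by the Build User Vars Plugin; target_host is a job parameter.
build_user = os.environ["BUILD_USER"]
target_host = os.environ["target_host"]

print("%s deploying to %s" % (build_user, target_host))

# only some users are allowed to deploy to servers "MMM"
mmm_users = ["UUU"]

if target_host != "MMM" or build_user in mmm_users:
    print("access granted")
else:
    print("access denied")
    # a non-zero exit status fails this build step, which stops the job
    sys.exit(-1)
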
Rostislav Matl
2

As mentioned above by Vadim, use Jenkins "Project-based Matrix Authorization Strategy" under "Manage Jenkins" => "Configure System". Don't forget to add your admin user there and give all permissions. Now add the restricted user there and give overall read access. Then go to the configuration page of each project, you now have "Enable project-based security" option. Now add each user you want to authorize.

NMS
0

You can install "Extended Read Permission" plug-in. Then in either "Global Settings" or in individual job configuration, you can give the user "Extended Read" permission.

Rahul Singhai
0

Try going to "Manage Jenkins" -> "Manage Users", go to the specific user, and edit the default view in the "My Views" section of his/her configuration.

jordilin