In one of my recent projects, while working on Jenkins, I was required to create and implement a Project-based Matrix Authorization Strategy.
Installation of Jenkins is a simple task, but it took me a while to implement this strategy and later I found it quite easy enough and thought of writing a blog.
Project-based Matrix Authorization Strategy is an authorization method using which we can define which user or group can do what actions on which job. This gives us a fine-grained control over user/group permissions per project.
We are starting with a fresh Jenkins installation. Jenkins could be installed using the following commands:
[js]wget -q -O – https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add –
sudo sh -c ‘echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list’
sudo apt-get update
sudo apt-get install jenkins
Jenkins uses 8080 port by default so it could be accessible browsing below link
As we are creating new users in Jenkins, we would be using “Jenkins’ own user database”. Select this radio button under “Security Realm”.
Under Authorization, select “Project-based Matrix Authorization Strategy” and add two users, one administrator (say admin) and a regular user (say user1).
All the checkboxes present besides users are for setting global permissions. Select all checkboxes against admin user to give admin full permissions.
For user1, we are selecting read permissions under jobs. With this, user1 would now have read permission to view all jobs which we would be creating later on.
Save this setting and we would be navigated to login page.
We can create “user1” the same way after logging out of admin.
Add user “user1”, and give it “build” permissions under “Job” category and save the settings. This would enable “user1” to build this job when user1 would log in.
Alternatively, if we want user1 to have build permissions for every job which admin would create later on, we can select the “build” checkbox under “Job” category in “Configure Global Security.”
Since, we have provided all permission to “admin” while configuring global security, we do not need to add per project permission for admin.
With this, we can set global as well as per-project permissions for every user.