{"id":20823,"date":"2015-06-09T16:14:34","date_gmt":"2015-06-09T10:44:34","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=20823"},"modified":"2016-11-30T11:20:36","modified_gmt":"2016-11-30T05:50:36","slug":"jenkins-implementing-project-based-matrix-authorization-strategy","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/jenkins-implementing-project-based-matrix-authorization-strategy\/","title":{"rendered":"Jenkins &#8211; Implementing Project-based Matrix Authorization Strategy"},"content":{"rendered":"<p>In one of my recent projects, while <a title=\"continuous integration DevOps services\" href=\"http:\/\/www.tothenew.com\/devops-chef-puppet-docker\">working on Jenkins<\/a>, I was required to create and implement a Project-based Matrix Authorization Strategy.<\/p>\n<p>Installation of Jenkins is a simple task, but it took me a while to implement this strategy and later I found it quite easy enough and thought of writing a blog.<\/p>\n<p>Project-based Matrix Authorization Strategy is an authorization method using which we can define which user or group can do what actions on which job. This gives us a fine-grained control over user\/group permissions per project.<\/p>\n<p>We are starting with a fresh Jenkins installation. Jenkins could be installed using the following commands:<\/p>\n<p>[js]wget -q -O &#8211; https:\/\/jenkins-ci.org\/debian\/jenkins-ci.org.key | sudo apt-key add &#8211;<br \/>\nsudo sh -c &#8216;echo deb http:\/\/pkg.jenkins-ci.org\/debian binary\/ &gt; \/etc\/apt\/sources.list.d\/jenkins.list&#8217;<br \/>\nsudo apt-get update<br \/>\nsudo apt-get install jenkins<br \/>\n[\/js]<\/p>\n<p>Jenkins uses 8080 port by default so it could be accessible browsing below link<br \/>\nhttp:\/\/:8080<\/p>\n<p>We would be welcomed by this page:<br \/>\n<a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen1.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-20825\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen1.png\" alt=\"jen1\" width=\"773\" height=\"449\" \/><\/a><\/p>\n<p>Now , click on \u201cManage Jenkins\u201d, we would be navigated to the following page:<br \/>\n<a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen2.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-20826\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen2.png\" alt=\"jen2\" width=\"1086\" height=\"465\" \/><\/a><\/p>\n<p>Click on \u201cConfigure Global Security\u201d to move to Global Security page:<br \/>\n<a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen3.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-20828\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen3.png\" alt=\"jen3\" width=\"621\" height=\"427\" \/><\/a><\/p>\n<p>Check Enable security and more options would appear as shown below:<br \/>\n<a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen4.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-20829\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen4.png\" alt=\"jen4\" width=\"779\" height=\"607\" \/><\/a><\/p>\n<p>As we are creating new users in Jenkins, we would be using \u201cJenkins\u2019 own user database\u201d. Select this radio button under \u201cSecurity Realm\u201d.<\/p>\n<p>Under Authorization, select \u201cProject-based Matrix Authorization Strategy\u201d and add two users, one administrator (say admin) and a regular user (say user1).<\/p>\n<p>All the checkboxes present besides users are for setting global permissions. Select all checkboxes against admin user to give admin full permissions.<\/p>\n<p>For user1, we are selecting read permissions under jobs. With this, user1 would now have read permission to view all jobs which we would be creating later on.<\/p>\n<p>We have to provide read permission under \u201cOverall\u201d category to any regular user otherwise the user won\u2019t be able to see anything after login.<br \/>\n<a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen5.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-20830\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen5.png\" alt=\"jen5\" width=\"1261\" height=\"220\" \/><\/a><\/p>\n<p>Save this setting and we would be navigated to login page.<\/p>\n<p>Sign up with user \u201cadmin\u201d and set a\u00a0password and other details and log in using admin user.<br \/>\n<a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/j15.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-20831\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/j15.png\" alt=\"j15\" width=\"541\" height=\"306\" \/><\/a><\/p>\n<p>We can create \u201cuser1\u201d the same way after logging out of admin.<\/p>\n<p>Now, login in as admin user and create a job (say job1) and in configuration, select checkbox \u201cEnable Project-based security\u201d as shown below.<br \/>\n<a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen6.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-20832\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/06\/jen6.png\" alt=\"jen6\" width=\"614\" height=\"307\" \/><\/a><\/p>\n<p>Add user \u201cuser1\u201d, and give it \u201cbuild\u201d permissions under \u201cJob\u201d category and save the settings. This would enable \u201cuser1\u201d to build this job when user1 would log in.<\/p>\n<p>Alternatively, if we want user1 to have build permissions for every job which admin would create later on, we can select the\u00a0\u201cbuild\u201d checkbox under \u201cJob\u201d category in \u201cConfigure Global Security.\u201d<\/p>\n<p>Since, we have provided all permission to \u201cadmin\u201d while configuring global security, we do not need to add per project permission for admin.<\/p>\n<p>With this, we can set global as well as per-project permissions for every user.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In one of my recent projects, while working on Jenkins, I was required to create and implement a Project-based Matrix Authorization Strategy. Installation of Jenkins is a simple task, but it took me a while to implement this strategy and later I found it quite easy enough and thought of writing a blog. Project-based Matrix [&hellip;]<\/p>\n","protected":false},"author":154,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":387},"categories":[1174,2348],"tags":[1853,248,2366,1892,227,1685,1682,2700,2701],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/20823"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/154"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=20823"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/20823\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=20823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=20823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=20823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}