Jenkins – Manage Security


Jenkins is one of a powerful continuous integration tool with a great community. It is an opensource tool and hence can be easily used by anyone. So why not to start knowing a tool like this. To read about the basics and installation steps, you can refer to my previous blog Introduction to jenkins

Creating Users

There can be multiple users that can operate jenkins for the same set of project holding different responsibility. So to create a user we can follow the below steps:

  • Click on Manage Jenkins on the home page.
  • Search for Manage Users in Manage Jenkins Page and click on it.
  • You will see a users page.
  • Search for “Create User” in the left side of the page and click to create user.

create_user

Here users can be created and its username can further be used to grant access.

Managing Access

After users are created it is very important to restrict access of users so they can operate on their responsibility in a controlled manner.

To manage access of users :

  • Click on Manage Jenkins from the home page.
  • Click on the link Configure global security.
  • Under “Access Control” you will see an “Authorisation” label.

This is the place where you can decide between different options to control access. Following are the available options:

  • Anyone can do anything
  • Legacy Mode: If you have the “admin” role, you’ll be granted full control over the system, and otherwise (including anonymous users) you’ll only have the read access.
  • Logged in users can do anything: It also provides a sub-option “Allow anonymous read access” . If checked, this will allow users who are not authenticated to access Jenkins in a read-only mode.
  • Matrix based security: In this scheme, you can configure who can do what by using a big table.Each column represents a permission. Each row represents a user or a group (often called ‘role’, depending on the security realm).Permissions are additive. That is, if an user X is in group A, B, and C, then the permissions that this user actually has are the union of all permissions given to X, A, B, C, and anonymous.
  • Project based Matrix Authorisation Strategy: This mode is an extension to “Matrix-based security” that allows additional ACL matrix to be defined for each project separately (which is done on the job configuration screen). This allows you to say things like “John Doe can access project A, B, and C but he can’t see D.

Configuring a Proxy

In most enterprise environments, Jenkins server will be situated behind a firewall, and doesn’t have direct access to the Internet and if the server JVM is not configured appropriately to enable internet connection (Jenkins needs Internet access to download plugins and updates, and also to install tools such as the JDK, Ant and Maven from remote sites). If you need to go through an HTTP proxy server to get to the Internet, you can configure the connection details (the server and port, and if required the username and password).

To configure connection details, follow the given steps:

1) Click on “Manage Jenkins” from Jenkins Dashboard.

2) Click on “Manage Plugins” from Manage Jenkins Page.

3) Move to the “Advanced” tab to set “HTTP Proxy Configuration”.

proxy_configuration

Please note that Jenkins uses HTTPS to communicate with the update center to download plugins.

If Microsoft’s NTLM authentication scheme is used by your proxy, then you will have to provide a domain name as well as a username in the “User name” field. For example: “DomainName\Sangeeta”.

Finally, if you are setting up Proxy access on your Jenkins build server, remember that all of the other tools running on this server will need to know about the proxy as well. In particular, this may include tools such as Subversion (if you are accessing an external repository) and Maven.

This entry was posted in Scala. Bookmark the permalink.

3 Responses to Jenkins – Manage Security

  1. Pingback: Jenkins Build Jobs | Knoldus

  2. I hadn’t thought of using containers but that’s a great idea. Thanks so much for sharing!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s