- I only want certain group of users to have access to the folders to which they belong.
- How to isolate folder from certain group of users?
- CloudBees Jenkins Enterprise (CJE) or CloudBees Jenkins Operations Centre (CJOC)
- Role-Based Access Control Plugin (RBAC)
- Folder plugin or Folder Plus Plugin
The Role-Based Access Control plugin combines with the Folders plugin to give a powerful solution for managing a Jenkins which is shared by multiple teams of users. The Jenkins administrator can create folders for each of the teams and then create groups in those folders for each of the roles that team members can have. By delegating the management of the group membership (but not the management of the roles assigned to groups) to the team leaders, the Jenkins administrator can empower the team leads to manage the permissions of their team while reducing their own administrative overhead.
We are resolving this issue by the following scenario:
Let’s say we have three different user’s groups in Jenkins:
- admin (group) -> admin (user)
- Team-A (group) -> user1 (user)
- Team-B (group) -> user2 (user)
- admin users will be allowed to access everywhere but…
- Users which belong to Team-A group will only have access to folder-team-a, and users which belongs to Team-B group will only have access to folder-team-b.
1 .- Just for this Prove of Concept, we are using the Mock Security Plugin as Authorization Strategy. However, for real environment other Authorization Strategy plugin should be configured, for instance Active Directory, LDAP o SAML
2 .- Rol Definition: Roles for each of these groups are created
3 .- Group Definition: Group
teamA) at folder level [older-team-a] and group
teamB) at folder level [older-team-b]. So, going inside a folder and clicking on Groups, it can been seen:
So, if you click on the folder->Groups->Name of your Group [configure], it can be seen
teamA role granted at current level with the
So now, logging in as
user1, it only has access to