CloudBees subfolder access with anonymous user issue

Issue

  • I want that anonymous user only have access to the content of a folder (folder-1) but not to the content of a subfolder inside that folder (folder-2) (folder-1/folder-2).

Environment

  • CloudBees Jenkins Enterprise
  • RBAC plugin

Resolution

Let’s say I have on my Jenkins dashboard the following job and folder.

Screen_Shot_2015-03-05_at_12.11.12.png

And then inside my-folder-2 the following items:

Screen_Shot_2015-03-05_at_12.11.23.png

The goal will be to grant the anonymous access to the elements inside my-folder-2, but not to the elements inside my-folder-3.

The first thing you need to do is to create a new role that I am going to call anonymous-internal with at least Overall/Read and Job/Read permission. Notice that in my example anonymous and authenticated users have Overall/Read permission.

Screen_Shot_2015-03-05_at_12.17.10.png

Then, at my-folder-2 level I have created a new group of users called anonymous-internal-2, in which the “anonymous” user is a member. I granted to the anonymous-internal-2 user group the role “anonymous-internal” grated at current level and with the Propagates option enabled.

Screen_Shot_2015-03-05_at_12.20.41.png

This group should then have a configuration like the one below:

Screen_Shot_2015-03-05_at_12.15.32.png

The next step, it is still easiest. You just need to go at my-folder-3 level and filter-out the anonymous-internal role.

Screen_Shot_2015-03-05_at_12.24.27.png

So now, if I access Jenkins as anonymous, this is what I can see:

Screen_Shot_2015-03-05_at_12.25.24.png

Screen_Shot_2015-03-05_at_12.25.30.png

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.