- We would like to allow users to only create folders at the main Jenkins level, and inside existing folders…but not create jobs (for instance Freestyle job, Pipeline, etc) at root.
This would be primarily for organizational purposes, etc. Would it be possible to setup security in
New Itemso that we can control what a user can create and what they cannot?
- CloudBees Jenkins Enterprise
- Role-Based Access Control Plugin (RBAC)
It is not possible to restrict the type of children for a client master. The Item/Create permission does not distinguish Folders from other items and that is why you have this limitation.
The only way to restrict item creation is to create a Folder and use the Restrict the kind of children in this folder option.
You could create a Top folder at the root of Jenkins Enterprise, and restrict it to contains Folders only. This Top Folder should only be managed by administrators. Other users should only have Item/Read at root level.
I create a Top Folder and restrict the kind of items:
I can only create Folders in it:
In created folders I can create any kind of Items:
For more advanced folder restriction scenarios, please see:
* Folders Plugin User Guide
* How to Grant Folder Access to Group Intersections with RBAC