- My RBAC configuration is not working as expected.
From our experience in support, most of the RBAC issues are related to lack of practise in this feature. That’s why before jumping to a particular RBAC implementation the best thing to do it is try to reproduce the following example-scenarios within your instance depending on your case:
- Case A: RBAC configuration in Client Master managed by an Operation Center
- Case B: RBAC configuration in an isolated Client Master
Required Data RBAC issues
Having gained the necessary skills, in the case you still have some questions about your particular implementation follow this article to collect the minimum required information for troubleshooting RBAC issues.
If the required data is bigger than 20 MB you will not be able to use ZenDesk to upload all the information. In this case we would like to encourage you to use our upload service in order to attach all the required information.
- CloudBees Jenkins Enterprise - Managed Master (CJE-MM)
- CloudBees Jenkins Enterprise - Operations Center (CJE-OC)
- CloudBees Jenkins Platform - Client Master (CJP-CM)
- CloudBees Jenkins Platform - Operations Center (CJP-OC)
Required Data check list
- Explanation of your desired Authorization set-up
- Existing configuration depending on your case:
Case A: RBAC configuration in Client Master managed by an Operation Center
- Support Bundle of the Operation Center
- Support Bundle of the Master
- RBAC Report for Operation Center
- RBAC Report for Master
- RBAC definition for Operation Center
- RBAC definition for Master
Case B: RBAC configuration in an isolated Client Master
- Support Bundle of the Master
- RBAC Report for the Master
- RBAC definition for the Master
Description of the items
Explanation of your desired Authorization set-up
- Who - Users/Groups (external).
- What - Permissions.
- Where - Containers (e.g for specific item like master, folder or in the whole instance).
RBAC Reports and Definition from your existing configuration might help to understand the new Authorization model implementation.
A support bundle from the Jenkins instance while the issue is exposed. Please, follow the KB below in case you don’t know how to generate a support bundle.
Prerequisite: you need
Overall - RunScripts Admin permission to the run the following scripts.
RBAC configuration is defined at different container levels (Root, Client Masters, Folders and particular items) thus the following scripts get an RBAC report by going through those containers and retrieving their RBAC definition.
Copy the output from executing this script in
JENKINS_URL/script and paste to new file
nectar-rbac.xmlfor RBAC group configuration at root level, including roles.
config.xmlof the folder where you wish to restrict its access plus its parent folders.
In the following example, if you need assistance to restrict access to Example Project 2 where Example.job 5 and 6 are hosted, these following files would be needed:
JENKINS_HOME/Example Team B/config.xml and
JENKINS_HOME/Example Team B/Example Project 2/config.xml
. --- ROOT |--- Example Team B |--- Example Project 1 |--- Example Project 2 |--- Example.job 5 |--- Example.job 6