I've had a quick look at it and I have figured out how to get it working.
The problem is the default right is set to deny and the only right that is
allowed is forceBuild. There is a right called viewProject which controls
the visibility of projects - when the default right is Deny then projects
will be hidden in the dashboard. So the easiest way to solve this problem is
to add the viewProject right to the role:
<rolePermission name="Releaser Engineer" forceBuild="Allow"
defaultRight="Deny" viewProject="Allow">
<users>
<userName name="Bob"/>
</users>
</rolePermission>
Once this is in place you should be able to see the projects once you are
logged on - but this is a bit flaky in the dashboard unfortunately :-(
When you first go to the dashboard you get the farm level report - which
includes all the individual CC.NET servers (if you have more than one.)
However there is no login option on this page - instead you need to go to a
server and login for that server. Once you are logged into a server then the
projects will appear in the farm level report. To complicate matters there
is a bug in the dashboard that only allows people to login to only one
server at a time :-(
The other alternate, if you want everybody to see the project in the
dashboard, is to set a guest account that has the viewProject right. This
involves three steps:
1. Add a new user for the Guest account
2. Add the permissions (either at the project or server level) saying which
permissions the account has
3. Set the user account as the guest account
Here is an example of one way of doing this:
<cruisecontrol xmlns="http://thoughtworks.org/ccnet/1/6";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<internalSecurity>
<users>
<simpleUser name="Guest" />
<!-- Other users -->
</users>
</permissions>
</internalSecurity>
<project name="SecurityTest">
<!-- Other project configuration -->
<security xsi:type="defaultProjectSecurity">
<defaultRight>Deny</defaultRight>
<guest>Guest</guest>
<permissions>
<userPermission user="Guest">
<defaultRight>Deny</defaultRight>
<viewProject>Allow</viewProject>
</userPermission>
<!-- Other permissions -->
</permissions>
</security>
</project>
</cruisecontrol>
Hope this helps,
Craig
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of capt edgar
Sent: Wednesday, 16 February 2011 3:16 p.m.
To: ccnet-user
Subject: [ccnet-user] Re: Setting up Security
Thanks Craig,
Before you could do that bit over the weekend is it possible for you to look
at my example above and suggest what's wrong with it?
regards
On Feb 15, 7:09 pm, "Craig Sutherland" <[email protected]>
wrote:
> Hi,
>
> I think the examples in my blog are a bit out of date, I'll see if I
> can put together some more up-to-date examples this week-end.
>
> Craig
>
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On
>
> Behalf Of capt edgar
> Sent: Wednesday, 16 February 2011 12:00 a.m.
> To: ccnet-user
> Subject: [ccnet-user] Re: Setting up Security
>
> Did some investigation on this but could not find the right document.
> I tried Craig and Sammie's blog to see if there are any updates to this.
> The link provided in the blog leads to just sourceforge.net homepage
>
> can anyone advice me a solution to this or guide me to right
> documentation please?
> you help is very much appreciated
>
> On Feb 13, 10:46 pm, capt edgar <[email protected]> wrote:
> > Hi there
>
> > i'm testing the security feature of my CruiseControl install (version:
> > 1.5.7256.1) and i'm following the security scenario 1 in the docs
> > section ( Scenario #1: Small In-house Development Team)
>
> > So far i have add the following things into my CCNet.config
>
> > <internalSecurity>
> > <audit>
> > <xmlFileAudit/>
> > </audit>
> > <auditReader type="xmlFileAuditReader"/>
> > <users>
> > <!-- Authenticated users -->
> > <!-- Password are not windows login password but the one
> > created specially for CC -->
> > <passwordUser name="Sam" display="Developer"
> > password="Sam1"/>
> > <passwordUser name="Bob" display="Release Engineer"
> > password="Bob1"/>
> > </users>
> > <permissions>
> > <!-- Roles -->
> > <rolePermission name="Developer" forceBuild="Allow"
> > defaultRight="Deny">
> > <users>
> > <userName name="Sam"/>
> > </users>
> > </rolePermission>
> > <rolePermission name="Releaser Engineer" forceBuild="Allow"
> > defaultRight="Deny">
> > <users>
> > <userName name="Bob"/>
> > </users>
> > </rolePermission>
> > </permissions>
> > </internalSecurity>
>
> > And in my project section i have added the following
>
> > <security type="defaultProjectSecurity" defaultRight="Deny">
> > <permissions>
> > <!-- Grant permissions to this project -->
> > <rolePermission name="Releaser Engineer" ref="Releaser
> > Engineer">
> > <users>
> > <userName name="Bob"/>
> > </users>
> > </rolePermission>
> > </permissions>
> > </security>
>
> > What this has done for me is
>
> > On my web dashboard, i can't see the project in which i have added
> > the above section Also when i log in with my username and password
> > which i added in the internalsecurity section, i still can't view the
project.
> > tried the same with my windows username and password and i still
> > can't see the project
>
> > I'm a newbie here testing, trying and learning CC, can u please
> > advice what's going wrong here All i want is to 3 sets of roles one
> > for Developers, Release Engineers, Managers Developers view should
> > have all the projects to view and permissions to only few to build,
> > stop/start projects.
> > Release Engineers view should have all the projects and have
> > permissions to build, stop/start projects Managers view should not
> > have all the projects but only a few and no permissions to build,
> > stop/start any projects.
>
> > Regards- Hide quoted text -
>
> - Show quoted text -
