Hi Stephen, I've just checked RBAC from cloudbees. It's not meeting my requirements as it does not collaborate with TeamForge as far as I can tell... I think I will have to discuss it with the project leads. I see at the moment 4 options:
- Keep it as is *yuk* - bail out and revert to LDAP *yuk* - Convince the maintainer/Collabnet to extend the functionality of the plugin - Create a plugin and/or contribute to the existing open source plugin if capacity is available. We create highly sophisticated automotive software in all kind of programming languages so it is possible but rather an economical matter. Maybe do Alex or Kohsuke see this as a good opportunity to attract more customers ;) Cheers Jan Am Freitag, 25. Mai 2012 00:13:17 UTC+2 schrieb Stephen Connolly: > > <shameless-plug> > It is most likely that the Jenkins Enterprise by CloudBees RBAC plugin > would give you what you want... Of course you'd have to pay for that, hence > why this is a plug > </shameless-plug> > > On Thursday, 24 May 2012, Jan Seidel wrote: > >> Hi Darryl, >> >> yes I have checked these links before. >> The problem is the project level described there allows only one >> configuration for all jobs. >> As example the role "Hudson configure" grants the users in this role to >> configure all jobs in Jenkins. This is no good as the GUI developers should >> not be entitled to change the jobs for the source code and vice versa. >> Or >> testers may spawn jobs which normally are only triggered by cron job or >> admins/integrators while continous builds can be triggered by developers >> but the developers must only be able to trigger the CB jobs. >> I don't see how to split the groups and assign the roles resulting by >> this split to single jobs. >> >> The projects described are addressing Collabnet TeamForge (CTF) projects >> and not Jenkins projects/jobs. >> It is not possible for us to split the CTF project due to the nature of >> the collaboration between us, the suppliers and the customers. This has to >> be managed with roles on project level only. >> Even if I could split everything in TeamForge to smaller projects to >> reach that level of granularity does each CTF project require a fee. And >> believe me it is not cheap... >> >> Take care >> Jan >> >> Am Donnerstag, 24. Mai 2012 16:27:58 UTC+2 schrieb Darryl Bowler: >>> >>> Have you seen this? >>> http://wiki.hudson-ci.org/**display/HUDSON/CollabNet+**Plugin<http://wiki.hudson-ci.org/display/HUDSON/CollabNet+Plugin> >>> -> >>> Authentication >>> or >>> http://wiki.hudson-ci.org/**display/HUDSON/Authentication<http://wiki.hudson-ci.org/display/HUDSON/Authentication> >>> >>> Look at "Authorize users at the project level" >>> >>> Regards >>> >>> On May 24, 2012, at 4:20 AM, Jan Seidel wrote: >>> >>> Hi folks, >>> >>> I've got a question. >>> Is it possible to create and individually assign new roles to Jenkins >>> projects? >>> I haven't found an project based security matrix for CTF roles but >>> really need one. currently is it afaik only possible to assign entire >>> TeamForge projects to a Jenkins project. That's a real no go, as our >>> customers/suppliers etc.must not peek around especially as we serve >>> competitors. >>> We have loads of job categories like: >>> >>> - Tests/code analysis (cron triggered) >>> - Nightly build (cron triggered but testers may also spawn them >>> manually) >>> - Continous builds (SCM polled and manually spawned by developers >>> - Release builds (Integrators only) >>> - and many more... >>> >>> I dont want to assign people the permission to >>> delete/configure/build/read to projects which are not of their business. >>> >>> There are many different aspects of security atm that really makes me >>> consider to roll back from the collabnet plugin and pickup some old tools >>> and LDAP authentication. >>> But that's counteracting our approach to consolidate the entire >>> infrastructure ... >>> Does someone have an advice how to tackle a fine grained permission >>> system based on the collabnet plugin? >>> >>> Cheers >>> Jan >>> >>> >>>
