Jan, did you consider setting the Security Realm to CollabNet and Authorization using Project-based Matrix. It gives you SSO between Teamforge and Jenkins and more RBAC granularity at the project level.
Its a work around, but I thought it might work for you…. Regards On May 24, 2012, at 5:05 PM, Jan Seidel wrote: > Hi Darryl, > > yes I have checked these links before. > The problem is the project level described there allows only one > configuration for all jobs. > As example the role "Hudson configure" grants the users in this role to > configure all jobs in Jenkins. This is no good as the GUI developers should > not be entitled to change the jobs for the source code and vice versa. > Or > testers may spawn jobs which normally are only triggered by cron job or > admins/integrators while continous builds can be triggered by developers but > the developers must only be able to trigger the CB jobs. > I don't see how to split the groups and assign the roles resulting by this > split to single jobs. > > The projects described are addressing Collabnet TeamForge (CTF) projects and > not Jenkins projects/jobs. > It is not possible for us to split the CTF project due to the nature of the > collaboration between us, the suppliers and the customers. This has to be > managed with roles on project level only. > Even if I could split everything in TeamForge to smaller projects to reach > that level of granularity does each CTF project require a fee. And believe me > it is not cheap... > > Take care > Jan > > Am Donnerstag, 24. Mai 2012 16:27:58 UTC+2 schrieb Darryl Bowler: > Have you seen this? > http://wiki.hudson-ci.org/display/HUDSON/CollabNet+Plugin -> Authentication > or > http://wiki.hudson-ci.org/display/HUDSON/Authentication > > Look at "Authorize users at the project level" > > Regards > > On May 24, 2012, at 4:20 AM, Jan Seidel wrote: > >> Hi folks, >> >> I've got a question. >> Is it possible to create and individually assign new roles to Jenkins >> projects? >> I haven't found an project based security matrix for CTF roles but really >> need one. currently is it afaik only possible to assign entire TeamForge >> projects to a Jenkins project. That's a real no go, as our >> customers/suppliers etc.must not peek around especially as we serve >> competitors. >> We have loads of job categories like: >> Tests/code analysis (cron triggered) >> Nightly build (cron triggered but testers may also spawn them manually) >> Continous builds (SCM polled and manually spawned by developers >> Release builds (Integrators only) >> and many more... >> I dont want to assign people the permission to delete/configure/build/read >> to projects which are not of their business. >> >> There are many different aspects of security atm that really makes me >> consider to roll back from the collabnet plugin and pickup some old tools >> and LDAP authentication. >> But that's counteracting our approach to consolidate the entire >> infrastructure ... >> >> Does someone have an advice how to tackle a fine grained permission system >> based on the collabnet plugin? >> >> Cheers >> Jan >> >
