Role Based Strategy for Users
A free video tutorial from Renju Ratheesh
Engineering Delivery Head @ TVS Next
1 course
29,696 students
Learn more from the full course
Jenkins - The Complete Tutorial | Master CICD and DevOps
The All in One Definitive Course on Jenkins - Go from a novice to a Jenkins Guru. Learn DevOps & automate CICD pipeline
05:20:37 of on-demand video • Updated October 2018
We will start with understanding the concepts of DevOps, Continuous Integration, Continuous Delivery & Continuous Deployment.
We will understand how Jenkins fits perfectly as the CICD server. We will learn about its fundamentals & capabilities.
After learning how to install Jenkins, we will learn about the basics of a Jenkins job & its configuration options.
We will then move to see Jenkins in action in the CICD lifecycle & automate the pipeline from Code checkin, Quality Checks, Unit testing, functional testing & Deployments.
Source code repository – We will look at how Jenkins can integrate with GIT & be a starting point for automated builds based on developer checkins.
Code Quality – We will look at how Jenkins can integrate with code quality tools like SonarQube to highlight any issues with the developer code.
Automated Build, Test & Deployments – We will look at how Jenkins can trigger maven scripts to start a build, see how it can integrate with Selenium to automate functional testing & finally see how it can help with deploying the executables on web servers.
We will then move on to learning about the Jenkins pipeline where will cover about build pipeline, delivery pipeline, scripted pipelines & the famous declarative pipeline. Create a multi-stage Jenkins job and visualize the complicated pipeline.
Hello and welcome back. In the last video we saw how to use matrix based security option to control user permissions in Jenkins. But there was a drawback in that approach. I'm sure you're able to guess it. The approach works fine only if you have a handful of users and you are able to configure permissions for each of them individually. Now imagine a scenario where you have hundreds of users. It would become a big challenge to literally manage every user individually. Here is where a role based authorization comes in handy. Using the role based authorization strategy plugin, you can create roles and assign the same matrix based permissions to the roles. And when you are adding users, you merely have to assign them roles which in turn grants them permissions in. Jenkins. So let's go ahead and download the role based authorization strategy plugin first. Here I am in my Jenkins instance. Let's go ahead and click on Manage Jenkins. And click on manage plugins here. So as we saw earlier, this is the place where we have to come and install any new plugins that we need, right? So for us, we'll have to go down to the available section just to, just to jog your memory. Anything that's already installed will be in the install tab. Right. Anything that we need new, we have to go back to the available tab. So here, let us search for role based. There you go. That is the plugin that we need. Role based authorization strategy. Here is a small description again enables user authorization using a role based strategy. Right? So let's go ahead and select this and say download now and install after restart. The installation is now started. Let's just click on this so that Jenkins can restart. They go. Jenkins is actually restarting now. Here you go. Jenkins is restarting after installing the plugin. Okay, so we are back in the Jenkins dashboard page after installing the role based authorization strategy plugin. So now we should go back down to manage Jenkins go to configure global security. Once we are here under the authorization part, you should now see a new option which is called role based strategy plugin. Right. Let's select that and then click on Apply and Save. After doing that, if you come down here, you should see a new option which says manage and assign roles. Right. So this is a new option that has been installed after we install the role based authorization strategy plugin. So let's click on this. Here you see an option called manage roles. Let's go in there. So let's assume that in our company we have, say, two roles. One is the project team and the other one is the development. I mean the manager team, right? So let's go and add them here. Let's say project team. And then you have, say, a manager team, right? So these are global level roles. Okay. And let's give read access at this global level. Right. So that is the first part there. Now, let us add project related rules, right? So let us say we have developers. Let's say the the the pattern of the project that they use will be dev dot star. So let's add them. And then let's also create a project role called testers. And imagine that their project naming convention starts with Test dot star. Right. Let's add that also. So within here, let's grant them all the access. We don't need to give them access to credentials, but let's give them every other access, right? Okay. There we go. We have given all access except for the credential access to both the dev and tester roles. Right. So let's click on Save here. So now that we've created the roles, the next step is to assign these roles to the users that we just created. Right? Stephen and Mary. Right. So in the global role, let's go ahead and add them. Let's say, uh. Stephen. And Mary. Right. Let's say both of them belong to the project team. And then for the item related roles, let us add. Steven here. Let's add Mary as well. Let's say Steven will have Steven as a developer and Mary is a tester, right? So now let's go ahead and click on Save. Right. So now what we've done is we've created the roles and we've assigned roles to both Stephen and Mary, Right. Um, so let's go back to the Jenkins dashboard page here. So we have a couple of projects that start with Test. Let's go ahead and create a project that starts with Dev as well. Let's say Dev. Project one Let it be a freestyle project. Let's click on. Okay. I don't want to configure it right now, so I'm just going to click on Save Again. And if you go back to the Jenkins dashboard. You see the dev project? Right. So now let's go ahead and try and log in as Steven and Mary and see what they're able to see. Right. So let's open up a incognito window here. Let's say local. Let me sign in as Steven. There you go. Now, we've logged in Steven Wright, and he's got access to only the dev projects the test related jobs is not able to see because we have given him only access to the dev related projects. Now, for this specific project, he's got all the access so he's able to see it. He has the build option here and plus he has the. Configure option here. Right. So he has complete control over. The dev project here. But again, if you see here, he does not have the manage Jenkins option, right. So now let's try and log in as Mary. Let's just go ahead and log out Stephen here. Let's try to log in as Mary. Now, if you log in as Mary, if you see here, she has access only to the test related jobs and not to the dev development related projects. Right. And again, she has complete control over these projects. She can view them. She can run them. She's she's she's able to configure them. So she has full control over both these projects. So that's how we use the role based authorization strategy plugin to give access to users in Jenkins. Now, this is a much more flexible approach in terms of managing a lot of users because any time you add a new user, all you have to go back and do is assign them the roles, right? And at a later point in time, if you want to change the roles for all the developers, all you have to go and do is change the matrix that we defined for the developer role, right? And you're all set for all your developers. So this is a much more flexible and a more comprehensive approach to managing user security in Jenkins. This now brings us to the end of this video. To quickly recap, in this video, we learned how to create users in Jenkins. Then we learned about the different authentication and authorization options available in Jenkins. We then use the matrix based authorization to grant user access. And finally, we used the role based strategy plugin to create roles and grant user access. I hope you liked this video and I will see you in the next one. Until then, have fun and happy learning.