Allow anonymous user to only view job list without browsing workspace in Jenkins
39,609
Solution 1
OK, so I've managed to do it:
- you need Role-based Authorization Strategy Plugin
- enable this authentication strategy in Configure Global Security
- in Manage and Assign Roles / Manage Roles create new role anonymous and authenticated for both global and project roles
- in Global roles grant anonymous role right only to Overall / Read (this will at the very least access anonymous user main jenkins screen with navigation and link to login page, not login prompt immediately)
- in Project role add anonymous role with regexp pattern that will match projects you want anonymous users to access and after adding this role grant it right to Job / Read and Job / Discover
- navigate to Manage and Assign Roles / Assign Roles and assign Anonymous user group to anonymous role (and authenticated users to specific groups). SAVE
Solution 2
With above https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin plugin
then you DO NOT need add authenticated role in Manage Roles page.
Screenshots: Manage Roles & Assign Roles
Related videos on Youtube
17 : 58
Jenkins Beginner Tutorial 5 - How to create Users + Manage + Assign Roles
24 : 22
Enable project-based Authorization |Restrict Manage Jenkins,Delete/Configure job option @ user level
07 : 23
6. Create first job in jenkins
39 : 51
Jenkins Full Course Session 7 | Jenkins Tutorial For Beginners | Jenkins Tutorial
02 : 12
Allow anonymous user to only view job list without browsing workspace in Jenkins
Author by
Wojtek
Updated on September 18, 2022Comments
-
Wojtek over 1 year
We are running a Jenkins CI. Generally we would like to provide
- full access to authenticated users from particular group
- full-read access to anonymous users
- block anonymous users to access certain projects (completely)
We use Unix user/group database and Project-based Matrix Authorization Strategy. Points (1) and (2) works well but we are having trouble achieving (3).
We have tried:
- in Global Security removing all rights to anonymous and then granting it in project-based security but after that all anonymous requests (even to main Jenkins page) yields login page
- in Global Security adding in steps following rights: View-Read (didn't work), Job-Discover (didn't work), Job-Read (didn't work), Overal-Read - this last one seemed to work however it gave the anonymous user too much rights and we weren't able to limit access to the particular project.
tl;dr
we want fully open (read-wise) Jenkins CI with a few projects completely hidden/blocked for anonymous.
-
s_t_e_v_e almost 11 yearsA related gotcha is that the role strategy is case sensitive in matching user names. I had entered uppercase user names on the "Assign Roles" page. I logged in with lower case username and even though my username is displayed in uppercase, no roles matched my user. My allowable permissions fell back to that of anonymous user. If I log in with uppercase username, it works.
-
Brad Wood almost 10 yearsWhile this answer works, you ever explained the purpose or configuration of the "authenticated" role.
-
Wojtek almost 10 yearsthat's just a shortcut - it can be "anonymous" and "priviliged"; I used "authenticated" because the subset of folks available to view and edit those particular hidden tasks would be equal to those that actually have the account.
-
Anand Varkey Philips over 5 yearsThis video helped me.. savjee.be/videos/get-started-with-jenkins/…
