Allow anonymous user to only view job list without browsing workspace in Jenkins
We are running a Jenkins CI. Generally we would like to provide
- full access to authenticated users from particular group
- full-read access to anonymous users
- block anonymous users to access certain projects (completely)
We use Unix user/group database and Project-based Matrix Authorization Strategy. Points (1) and (2) works well but we are having trouble achieving (3).
We have tried:
- in Global Security removing all rights to anonymous and then granting it in project-based security but after that all anonymous requests (even to main Jenkins page) yields login page
- in Global Security adding in steps following rights: View-Read (didn't work), Job-Discover (didn't work), Job-Read (didn't work), Overal-Read - this last one seemed to work however it gave the anonymous user too much rights and we weren't able to limit access to the particular project.
tl;dr
we want fully open (read-wise) Jenkins CI with a few projects completely hidden/blocked for anonymous.
Solution 1:
OK, so I've managed to do it:
- you need Role-based Authorization Strategy Plugin
- enable this authentication strategy in Configure Global Security
- in Manage and Assign Roles / Manage Roles create new role anonymous and authenticated for both global and project roles
- in Global roles grant anonymous role right only to Overall / Read (this will at the very least access anonymous user main jenkins screen with navigation and link to login page, not login prompt immediately)
- in Project role add anonymous role with regexp pattern that will match projects you want anonymous users to access and after adding this role grant it right to Job / Read and Job / Discover
- navigate to Manage and Assign Roles / Assign Roles and assign Anonymous user group to anonymous role (and authenticated users to specific groups). SAVE
Solution 2:
With above https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin
plugin
then you DO NOT need add authenticated
role in Manage Roles page.
Screenshots: Manage Roles & Assign Roles