How do I restrict agents from being viewed?

Issue

A user with System.READ is able to see all Jenkins agents even though they cannot see any jobs.
I would like to prevent users from seeing the details of agents connected to Jenkins unless I explicitly grant them such a permission.

Environment

CloudBees Jenkins Enterprise - Managed controller (CJE-MM)
Jenkins LTS

Resolution

To restrict viewing of agents, two features of Jenkins are required:

Custom view with Filter build queue and Filter build executors enabled
Restrict jobs to agent
1. Create a new list view by clicking the + icon next to the current All view on the main Jenkins homepage.

Enable the options Filter build queue and Filter build executors. These options will allow the build queue and build executors to show only those that are related to the jobs selected.

Select the jobs that are to be shown by this view. Note, if this view is to replace the current All view, select all jobs or use an appropriate regular expressions to select all jobs. You may further restrict users based on role permissions or user permissions.

Configure jobs to be restricted on particular agents to have the view filter on only these agents.

Comparing this with the original All view above, you will see only one executor present.

Lastly, to remove the previous default All view, go to Jenkins > Manage Jenkins > Configure System > Default View and select your new filtered view. This option is only available when there are more than one list view available. Once you have selected the new default view, you may go back to the old All view and Delete view.

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.