KBEC-00009 - Enabling remote employee access at certain times each day

Article ID:360033195211
2 minute readKnowledge base


This article describes how to control CloudBees CD (CloudBees Flow) object permissions automatically, based on the time of day. The solution uses Access Control List Entries (ACE’s) and schedules.

For example, if you have team members who are in different parts of the world and in different time zones, you might have your core team in time zone A. During business hours in time zone A, you may want those people to have ++exclusive++ control to start builds. During the off-hours in time zone A, you can grant access to another group in time zone B. In this way, team members in time zone A do not need to be awakened in the middle of the night to start a build.


Create a procedure that runs once each hour. When this procedure runs, it checks the time of day. Based on the time, it sets the "execute" permission for an CloudBees CD (CloudBees Flow) group to "allow" or "deny" execution privileges for a group named "Remote SCM".


Create a procedure to calculate and set the ACE

This procedure is called TimedAccess , and uses Perl to determine the time of day and decide whether to allow or grant permission. The procedure sets the permission for a group called Remote SCM on a project named CB Testing. Next, it sets the read privilege to "allow", the modify and change privileges to "deny", and the execute privilege to "allow" or "deny", based on the time of day.




# allow access anytime outside the hours of 9AM to 5PM, local time

my ($sec, $min, $hour, $mday, $mon, $day, $year, $wday, $yday, $isdst) = localtime(time);

my $executePermission  = ($hour < 9  ||  $hour >= 17) ? "allow" : "deny";

# delete any existing ACL Entry and create a new one

`ectool deleteAclEntry group "Remote SCM" --projectName "CB Testing"`;

my $cmd = 'ectool createAclEntry group "Remote SCM" --projectName "CB Testing" ' .

              '--readPrivilege allow ' .

              '--modifyPrivilege deny ' .

              '--changePermissionsPrivilege deny ' .

              '--executePrivilege ' . $executePermission;

my $response = `$cmd`;

print $response if $?

Create a schedule to run the TimedAccess procedure

The schedule is called HourlyCheck and set to run every hour on the hour to adjust the permissions.


Schedule name: HourlyCheck

    Procedure: TimedAccess

   Repetition: Run Every 1 hour from 00:00 to 23:01

Applies To…​

  • Product versions - ElectricCommander 1.0 and above

  • OS versions - all supported CloudBees CD (CloudBees Flow) OS versions