Security overview

2 minute readSecurity

CloudBees CD/RO provides security by assigning roles and privileges to specific users and groups on:

  • System objects including applications, microservices, environments, projects, jobs, and schedules.

  • Actions performed on deployment models.

CloudBees CD/RO uses access control, project-level security, credentials, and impersonation to enforce roles and privileges when executing deployment steps.

Access control

CloudBees CD/RO uses access control to provide security for all system objects. This mechanism controls how users and groups use the system. Users must log in to view information or to perform operations (actions). After users log in, their system access is limited based on:

  • The user name

  • The groups to which the user belongs

  • The permissions specified for various CloudBees CD/RO objects

Project-level security

Multiple project support is available for applications or microservices, pipelines, releases, environments, master components, resources, and environment templates. Multiple project support is also available for platform objects, such as artifacts, procedures, jobs, schedules, and workflows. These objects, as well as the objects belonging to them, can be in any project within CloudBees CD/RO.

This significantly improves object management at scale by allowing:

  • Access control list (ACL) inheritance: All objects in a project inherit the access control settings from the project, providing better security for all objects. Objects such as applications or microservices, environments, pipelines, and releases can be managed in their own projects and inherit the ACL at the project-level. This significantly simplifies permissions management.

  • Logical grouping: This allows users to better manage, deploy, and release objects under various projects that are logically mapped. For example, grouping by users, roles, geography, department, and so on; resulting in easier maintenance.

For an example of how to select a project for an application or microservice, refer to Modeling and deploying traditional applications. You can also use API commands to do this:

  • Use the createApplication API command to create a new application for a specific project.

  • Use the createService API command to create a new microservice for a specific project.

  • Use the createProcess command to create an application, microservice, or component process for a specific project.