CloudBees CD/RO provides security by assigning roles and privileges to specific users and groups on:
- System objects including applications, microservices, environments, projects, jobs, and schedules.
- Actions performed on deployment models.

CloudBees CD/RO uses access control, project-level security, credentials, and impersonation to enforce roles and privileges when executing deployment steps.
- To get started with credentials and impersonation, see Credentials and impersonation.
- For an example of how to define roles and privileges restricted to a specific user environment, see Use Case: Attaching Credentials in Deployment Automation.

Access control
CloudBees CD/RO uses access control to provide security for all system objects. This mechanism controls how users and groups use the system. Users must log in to view information or to perform operations (actions). After users log in, their system access is limited based on:
- The user name
- The groups to which the user belongs
- The permissions specified for various CloudBees CD/RO objects

- Refer to Access control for more information about how CloudBees CD/RO enforces access control and for security examples using access control.
- For instructions on how to set up access control, refer to these topics:

Project-level security
Multiple project support is available on applications or microservices, pipelines, releases, environments, master components, resources, and environment templates, as well as platform objects (such as artifacts, procedures, jobs, schedules, and workflows). These objects, as well as the objects belonging to them, can be in any project within CloudBees CD/RO.
This significantly improves object management at scale by allowing:
- ACL inheritance: All objects in a project inherit the access control settings from the project, providing better security for all the objects. Objects such as applications or microservices, environments, pipelines, and releases can be managed in their own projects and will inherit the ACLs set up at the project level. This significantly simplifies permissions management.
- Logical grouping: This allows users to better manage deploy and release objects under various projects that are logically mapped by users, roles, geography, department, and so on, resulting in easier maintenance.

For an example of how to select a project for an application or microservice, see Example: Modeling and Deploying Applications or Microservices. You can also use API commands to do this:
- Use the createApplication API command to create a new application for a specific project.
- Use the createService API command to create a new microservice for a specific project.
- Use the createProcess command to create an application, microservice, or component process for a specific project.

For details about these commands, see CloudBees CD/RO Perl API Commands Overview. For details about authoring and deploying an application or microservice, see Example: Modeling and Deploying Applications or Microservices. For an example of how to select a project for a Release, see Release Definition. You can also use the createRelease API command to define a Release for a specific project.