CloudBees CD/RO provides security by assigning roles and privileges to specific users and groups on:
-
System objects including applications, microservices, environments, projects, jobs, and schedules.
-
Actions performed on deployment models.
CloudBees CD/RO uses access control, project-level security, credentials, and impersonation to enforce roles and privileges when executing deployment steps.
-
To get started with credentials and impersonation, refer to Credentials and user impersonation.
-
For an example of how to define roles and privileges restricted to a specific user environment, refer to Use case: Attach credentials in deployment automation.
Access control
CloudBees CD/RO uses access control to provide security for all system objects. This mechanism controls how users and groups use the system. Users must log in to view information or to perform operations (actions). After users log in, their system access is limited based on:
-
The user name
-
The groups to which the user belongs
-
The permissions specified for various CloudBees CD/RO objects
For more information on how CloudBees CD/RO enforces access control and for security examples using access control, refer to Access control. |
Project-level security
Multiple project support is available for applications or microservices, pipelines, releases, environments, master components, resources, and environment templates. Multiple project support is also available for platform objects, such as artifacts, procedures, jobs, schedules, and workflows. These objects, as well as the objects belonging to them, can be in any project within CloudBees CD/RO.
This significantly improves object management at scale by allowing:
-
Access control list (ACL) inheritance: All objects in a project inherit the access control settings from the project, providing better security for all objects. Objects such as applications or microservices, environments, pipelines, and releases can be managed in their own projects and inherit the ACL at the project-level. This significantly simplifies permissions management.
-
Logical grouping: This allows users to better manage, deploy, and release objects under various projects that are logically mapped. For example, grouping by users, roles, geography, department, and so on; resulting in easier maintenance.
For an example of how to select a project for an application or microservice, refer to Model and deploy traditional applications. You can also use API commands to do this:
-
Use the
createApplication
API command to create a new application for a specific project. -
Use the
createService
API command to create a new microservice for a specific project. -
Use the
createProcess
command to create an application, microservice, or component process for a specific project.
|