Access control for jobs

2 minute readAutomation

When a job executes, it usually needs to access objects in CloudBees CD/RO. For example, a job step command may refer to a parameter value, which is a property associated with the job object. Or a step may invoke ectool to modify properties or any other CloudBees CD/RO state. This process leads to the following types of questions:

Under which username does the job execute?
  • Procedures always run under the project principal user ID for the project that contains the procedure.

  • If a procedure invokes a subprocedure in another project, that subprocedure runs under its own project’s project principal and the project principal of its calling procedure.

  • When a procedure is running under multiple project principals, its steps can perform any operations that any one of its project principals allow.

How does CloudBees CD/RO initialize job permissions when the job starts?

This question pertains to job object permissions. When a job starts, CloudBees CD/RO sets full access control entries on the job for the project principal and the user who launched the job—assuming the job was launched by a user and not a schedule.

What permissions are needed to abort a job?

Aborting a job requires the Execute permission on the job. If a job is launched by a user, that user is given all privileges on the job. If a job is launched by a schedule, the schedule’s Execute permissions are copied to the job.

The access control system determines if jobs can be executed:

  • For a user to run a job without creating a schedule, the user must have the Execute permission on the top-level procedure being executed.

  • To create a schedule to run a procedure, a user must have the Modify permission for the project containing the schedule. After the schedule is created, no additional permissions are required to start jobs using the schedule.