How do I restrict agents from being viewed?

Article ID:115002659432
1 minute readKnowledge base

Issue

  • A user with System.READ is able to see all Jenkins agents even though they cannot see any jobs.

  • I would like to prevent users from seeing the details of agents connected to Jenkins unless I explicitly grant them such a permission.

Environment

  • CloudBees Jenkins Enterprise - Managed controller (CJE-MM)

  • Jenkins LTS

Resolution

To restrict viewing of agents, two features of Jenkins are required:

  • Custom view with Filter build queue and Filter build executors enabled

  • Restrict jobs to agent

    1. Create a new list view by clicking the + icon next to the current All view on the main Jenkins homepage.

create new view

  1. Enable the options Filter build queue and Filter build executors. These options will allow the build queue and build executors to show only those that are related to the jobs selected.

    Select the jobs that are to be shown by this view. Note, if this view is to replace the current All view, select all jobs or use an appropriate regular expressions to select all jobs. You may further restrict users based on role permissions or user permissions.

new view options

  1. Configure jobs to be restricted on particular agents to have the view filter on only these agents.

restrict job to agent

  1. Comparing this with the original All view above, you will see only one executor present.

filtered view jenkins
filtered view job

  1. Lastly, to remove the previous default All view, go to Jenkins > Manage Jenkins > Configure System > Default View and select your new filtered view. This option is only available when there are more than one list view available. Once you have selected the new default view, you may go back to the old All view and Delete view.