Restricting the ability for users to create projects at the Jenkins top-level vs inside Folders

Article ID:221087168
1 minute readKnowledge base

Issue

  • We would like to allow users to only create folders at the main Jenkins level, and inside existing folders…​but not create jobs (for instance Freestyle job, Pipeline, etc) at root. This would be primarily for organizational purposes, etc. Would it be possible to setup security in New Item so that we can control what a user can create and what they cannot?

Environment

  • CloudBees Jenkins Enterprise

  • Folders

  • Role-Based Access Control Plugin (RBAC)

Resolution

It is not possible to restrict the type of children for a client controller. The Item/Create permission does not distinguish Folders from other items and that is why you have this limitation.

The only way to restrict item creation is to create a Folder and use the Restrict the kind of children in this folder option.

You could create a Top folder at the root of Jenkins Enterprise, and restrict it to contains Folders only. This Top Folder should only be managed by administrators. Other users should only have Item/Read at root level.

Example

I create a Top Folder and restrict the kind of items:

top folder config

I can only create Folders in it:

In created folders I can create any kind of Items:

Addendum

For more advanced folder restriction scenarios, please see: