CloudBees CI administrators can grant CasC-specific role permissions to users or groups so that they can perfom different tasks with CasC bundles.
The CasC-specific permissions include:
-
Administer: This role permission grants overall CasC permissions to a user or group without granting them overall cluster permissions. Users and groups with this permission can perform actions such as:
-
view the update log
-
view which branch or bundle is in use
-
export the bundle
-
-
Checkout: This permission grants users the ability to checkout bundles.
-
Item: This permission grants users the ability to perform certain actions on a controller such as:
-
create an item using the endpoint/CLI
-
create a group that is attached to an item
-
Manage RBAC for an item
-
-
Read: This permissions grants users the ability to see which branch or bundle is in use in the operations center or in a controller.
-
ReadCheckout: This permission grants users the ability to see which bundle was checked out by the operations center.
Administering CasC role permissions require the following:
-
Install the CloudBees CasC Shared plugin on your CloudBees CI cluster.
-
Enable the
MANAGE
orSYSTEM_READ
permissions so that the CasC Administer and Read role permissions display in the UI. Set these permissions via thejenkins.security.ManagePermission
orjenkins.security.SystemReadPermission
system properties as shown in the examples below.-
-Djenkins.security.ManagePermission=true
-
-Djenkins.security.SystemReadPermission=true
-
The MANAGE permission is a Preview feature currently in Beta stage. In addition to enabling this permission via the the jenkins.security.ManagePermission system property, you can also enable it by installing the Overall/Manage permission enabler plugin (manage-permission ).
|
A Preview feature:
Product features and documentation are frequently updated. If you find an issue or have a suggestion, please contact CloudBees Support. |
Grant CasC permissions to a user or group
The following steps describe how to grant CasC Administer permissions to a user. Use these same steps when granting other CasC permissions to a user.
-
Create a new role (if the role has not been created).
-
From the Dashboard, navigate to
. -
In the Role to add field, add a new role. In this example,
CasC Admin
. -
Navigate to CloudBees CasC Permissions and select the necessary permissions for this role. For the CasC Admin role created in the previous step select Administer.
Figure 1. Assign CasC role permission
-
-
Select Save.
-
Assign the role to a group.
-
On the left navigation pane, select Groups and then select New Group.
-
Enter the Group name (
CasC Admins
) and select OK. The group configuration page displays. -
Under Roles, select the Granted checkbox next to CasC Admins to grant the Administer permissions to the group.
Figure 2. Grant CasC administer permissions to the group -
To save the permissions assigned to the group, select Save.
-
On the left navigation pane, select Add user and enter the user ID.
-
Select OK. The group configuration page displays roles, members, and permissions for the group.
Figure 3. CasC administrators group page
-