Security

CloudBees Flow provides security by assigning roles and privileges to specific users and groups on:

  • System objects including applications, microservices, environments, projects, jobs, and schedules.

  • Actions performed on deployment models.

CloudBees Flow uses access control, project-level security, and credentials and impersonation to enforce roles and privileges when executing deployment steps. For an example of how to define roles and privileges when a specific user is allowed to deploy an application or microservice only to a specific environment, see Use Case: Attaching Credentials in Deployment Automation.

Access Control

CloudBees Flow uses access control to provide security for all system objects. This mechanism controls how users and groups use the system. Users must log in to view information or to perform operations (actions). After users log in, their system access is limited based on:

  • The user name

  • The groups to which the user belongs

  • The permissions specified for various CloudBees Flow objects

Go to Access Control for more information about how CloudBees Flow enforces access control and for security examples using access control. For instructions on how to set up access control, go to these topics:

Project-Level Security

Multiple project support is available on applications or microservices, pipelines, releases, environments, Master Components, resources, and environment templates, as well as platform objects (such as artifacts, procedures, jobs, schedules, and workflows). These objects, as well as the objects belonging to them, can be in any project within CloudBees Flow.

This significantly improves object management at scale by allowing:

  • ACL inheritance—All objects in a project inherit the access control settings from the project, providing better security for all the objects. Objects such as applications or microservices, environments, pipelines, and releases can be managed in their own projects and will inherit the ACLs set up at the project level. This significantly simplifies permissions management.

  • Logical grouping—This allows users to better manage deploy and release objects under various projects that are logically mapped by users, roles, geography, department, and so on, resulting in easier maintenance.
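A simplified model of the project-level ACL inheritance described above, added here as an illustration; it is not CloudBees Flow code or its actual evaluation algorithm. The project, group, user and privilege names, the default-deny rule and the "execute on both objects" deploy rule are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Project:
    name: str
    # principal ("user:<name>" or "group:<name>") -> privileges granted on the project
    acl: dict = field(default_factory=dict)

@dataclass
class FlowObject:
    kind: str         # "application", "environment", ...
    name: str
    project: Project  # the object has no ACL of its own; it inherits the project's

def principals(user, groups):
    """All principals an ACL entry can match: the user name plus the user's groups."""
    return {f"user:{user}"} | {f"group:{g}" for g, members in groups.items() if user in members}

def allowed(user, groups, obj, privilege):
    """Assumed default deny: access exists only if the inherited project ACL grants it."""
    acl = obj.project.acl
    return any(privilege in acl.get(p, set()) for p in principals(user, groups))

def deploy_targets(user, groups, app, environments):
    """Environments `user` may deploy `app` to (assumed rule: execute on both objects)."""
    if not allowed(user, groups, app, "execute"):
        return []
    return [env.name for env in environments if allowed(user, groups, env, "execute")]

# Constructed sample data: one project per logical grouping.
GROUPS = {"qa-deployers": {"alice"}, "release-managers": {"bob"}}
APPS = Project("Storefront Apps", {"group:qa-deployers": {"read", "execute"},
                                   "group:release-managers": {"read", "execute"}})
QA = Project("QA Environments", {"group:qa-deployers": {"read", "execute"},
                                 "group:release-managers": {"read", "execute"}})
PROD = Project("Prod Environments", {"group:qa-deployers": {"read"},
                                     "group:release-managers": {"read", "execute"}})
APP = FlowObject("application", "storefront", APPS)
ENVS = [FlowObject("environment", "qa-1", QA), FlowObject("environment", "prod-1", PROD)]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "->", deploy_targets(user, GROUPS, APP, ENVS))
```

In this model, placing an environment in a different project changes who can deploy to it without touching any per-object entry, so a change of project membership deserves the same review as an ACL change.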

For an example of how to select a project for an application or microservice, see Example: Modeling and Deploying Applications or Microservices. You can also use API commands to do this:

  • Use the createApplication API command to create a new application for a specific project.

  • Use the createService API command to create a new microservice for a specific project.

  • Use the createProcess command to create an application, microservice, or component process for a specific project.

For details about these commands, see CloudBees Flow Perl API Commands Overview. For details about authoring and deploying an application or microservice, see Example: Modeling and Deploying Applications or Microservices. For an example of how to select a project for a Release, see Release Definition. You can also use the createRelease API command to define a Release for a specific project.

Copyright © 2010-2020 CloudBees, Inc. Online version published by CloudBees, Inc. under the Creative Commons Attribution-ShareAlike 4.0 license.