Jenkins Matrix-based security authorization

Jenkins Matrix-based security authorizationΒΆ

The DriveTrain Jenkins uses Matrix-based security authorization by default. It allows you to grant specific permissions to users and groups. Jenkins uses DriveTrain OpenLDAP server as an identity provider and authentication server.

By default, the Jenkins server includes the following user groups:

  • admins

    Contains administrative users with the Jenkins Administer permission.

  • Authenticated Users

    Includes all users authenticated through the DriveTrain OpenLDAP server. This group has no permissions configured by default.

The Matrix-based security plugin enables the operator to configure the following types of permissions:

  • Overall

    Either Administer or Read permissions can be set overall.

  • Credentials

    Permissions to create, delete, update, and view authentication credentials, and manage domains.

  • Gerrit

    Permissions to manually trigger and retrigger Gerrit integration plugin to run specific jobs normally initiated by the plugin.

  • Agents

    Permissions to manage Jenkins agents on worker nodes.

  • Job

    Permissions for specific operations on Jenkins jobs, including build creation, configuration, and execution.

  • Run

    Permissions to run and rerun jobs.

  • View

    Permissions to manage views in the Jenkins UI.

  • SCM

    Permissions to use SCM tags.

  • Metrics

    Permissions to view and configure metrics.

  • Lockable resources

    Permissions to reserve and unlock lockable resources manually.

  • Artifactory

    Permissions to use the Artifactory integration plugin (only if Artifactory is installed).

To configure the Matrix-based Security Authorization:

  1. Log in to the Jenkins web UI as an administrator using the FQDN of your cloud endpoint and port 8081. For example, https://cloud.example.com:8081.

  2. Navigate to Manage Jenkins > Configure Global Security.

  3. Scroll to the Authorization section to view and change the Matrix-based security settings.