Jenkins Security: Enabling Security & Project Security Matrix

By Sruthy

Updated March 7, 2024

This Video Tutorial Explains Jenkins Security, Authentication, Authorization and Enabling Project Security Matrix:

In our previous tutorial, we learned about Jenkins jobs and their different types, configuring the SCM with Jenkins, the different types of triggers, how to associate a Maven project with Jenkins, how to schedule a job by selecting Build periodically, and how to poll the SCM.

In this article, we will cover securing Jenkins, enabling security in Jenkins, authentication (the security realm), authorization, creating an admin user and granting privileges, and enabling the project security matrix.


Securing Jenkins

Enabling Security In Jenkins

Jenkins server supports several security models.

For smaller organizations, where the developers work in close proximity, security may not seem that important. Even so, it is required to protect Jenkins from access by outsiders.

Security for larger organizations becomes even stricter, as there are multiple teams and access needs to be given to both developer teams and system admins.

The following are the simple steps to enable or activate security in Jenkins:

#1) Log in to Jenkins

#2) Click on Manage Jenkins and Configure Global Security in Jenkins dashboard as shown in Figure 1.

Figure 1: Jenkins Dashboard showing Manage Jenkins and Configure Global Security

#3) Check the Enable security option. Under Security Realm (authentication), check “Jenkins own user database” and also check “Allow users signup”. Under Authorization, check “Logged in user can do anything”. This is the simplest form of security and is beneficial for smaller teams. With sign-up allowed and this authorization mode, anyone who can reach the Jenkins URL can create an account and then has full control, so it suits only a trusted network. Refer to Figure 2 below for the security settings.

Figure 2: Settings in Configure global security

Authentication Or Security Realm

This lets us identify and manage users on Jenkins. There are many ways we can do this. The simplest way is using Jenkins’s local database. This lets us set up the authentication for smaller organizations.

The available options include:

  1. Jenkins own user database
  2. Delegate to the servlet container
  3. LDAP

Jenkins own user database: Here, users can sign up using the signup link. These users are authenticated against the local database when they log in. What each user can then do is determined by the security (authorization) settings. To find the users, click on the People link as shown in Figure 3 below.

Figure 3: Users list in Jenkins using people link

To find the build details of a user, click on the user and then click on Builds as shown in Figure 4.

Figure 4: To find the builds triggered by people.

To configure the password and email details of a user, click on Configure as shown in Figure 5.

Figure 5: Setting the password and email under Configure

Authorization

Once users are authenticated, it’s time to grant them privileges. This process is called authorization. There are many ways of doing authorization. The simplest is that any logged-in user can do anything. Others, such as project-based authorization, are more complicated.

Various ways of authorization include:

  • Anyone can do anything
  • Legacy mode
  • Logged-in users can do anything
  • Matrix-based security
  • Project-based Matrix authorization strategy

Figure 6: Various kinds of Authorization Roles
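
The settings chosen in step #3 and the authorization modes listed above are stored in `$JENKINS_HOME/config.xml`. The following added example (not part of the original tutorial) audits a copy of that file for the risky combinations; `audit` is a hypothetical helper name and both XML samples are constructed.

```python
import re
import xml.etree.ElementTree as ET
# Authorization strategy classes as written to $JENKINS_HOME/config.xml
MODES = {
    "hudson.security.AuthorizationStrategy$Unsecured": "Anyone can do anything",
    "hudson.security.LegacyAuthorizationStrategy": "Legacy mode",
    "hudson.security.FullControlOnceLoggedInAuthorizationStrategy": "Logged-in users can do anything",
    "hudson.security.GlobalMatrixAuthorizationStrategy": "Matrix-based security",
    "hudson.security.ProjectMatrixAuthorizationStrategy": "Project-based Matrix authorization strategy",
}
LOCAL_REALM = "hudson.security.HudsonPrivateSecurityRealm"  # Jenkins' own user database
ADMINISTER = "hudson.model.Hudson.Administer"

def audit(config_xml):
    """Return (authorization mode, findings) for a Jenkins global config.xml."""
    # Jenkins declares XML 1.1, which ElementTree's parser rejects; drop the declaration.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml))
    if root.findtext("useSecurity", "false").strip() != "true":
        return "Anyone can do anything", ["security is not enabled"]
    findings = []
    realm = root.find("securityRealm")
    signup = (realm is not None and realm.get("class") == LOCAL_REALM
              and realm.findtext("disableSignup", "false").strip() != "true")
    if signup:
        findings.append("sign-up allowed: anyone who can reach Jenkins can create an account")
    authz = root.find("authorizationStrategy")
    mode = MODES.get(authz.get("class"), "unknown") if authz is not None else "unknown"
    if mode == "Anyone can do anything":
        findings.append("no authorization is enforced")
    elif mode == "Logged-in users can do anything" and signup:
        findings.append("self-registered accounts receive full control")
    elif "Matrix" in mode:
        for entry in authz.findall("permission"):
            # Entries read PERMISSION:sid, or TYPE:PERMISSION:sid in newer plugin versions
            parts = (entry.text or "").strip().split(":")
            if len(parts) >= 2 and parts[-2] == ADMINISTER and parts[-1] in ("anonymous", "authenticated"):
                findings.append(f"Administer granted to '{parts[-1]}'")
    return mode, findings

# Constructed sample: the settings chosen in step #3
STEP3 = """<?xml version='1.1' encoding='UTF-8'?><hudson><useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm"><disableSignup>false</disableSignup></securityRealm></hudson>"""
# Constructed sample: project-based matrix with a named admin and sign-up closed
MATRIX = """<hudson><useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Administer:admin</permission></authorizationStrategy>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm"><disableSignup>true</disableSignup></securityRealm></hudson>"""
print(audit(STEP3), audit(MATRIX), sep="\n")
```

The step #3 sample yields two findings, while the matrix sample with a single named administrator and sign-up disabled yields none.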

Creating An Admin User And Giving Privileges

To create an admin first click on the Signup link on the Jenkins dashboard and then fill in the details as shown in Figure 7 below.

Figure 7: Creating the Administrator

Then click on the Sign up button. It will get you logged in as admin.

Now to grant privileges, click on:

  • Manage Jenkins and Configure Global Security.
  • In Project-based Matrix Authorization Strategy, add the admin user we created and grant all the privileges to it as shown in Figure 8 below:

Figure 8: Granting privileges for administrator

Enabling Project Security Matrix

After adding the administrator, the other users can be added and the required roles assigned to them as shown in Figure 9.

Figure 9: Assigning roles to the users

Conclusion

In this tutorial, we have learned about the need for security, authentication (the security realm), authorization, creating an admin user and granting privileges, and creating a project-based matrix.

In the next tutorial, we will learn about distributed builds with Jenkins.
