This Video Tutorial Explains Jenkins Security, Authentication, Authorization and Enabling Project Security Matrix:
In our previous tutorial, we learned about Jenkins jobs and their different types, configuring the SCM with Jenkins, the different types of triggers, how to associate a Maven project with Jenkins, how to schedule a job by selecting build periodically, and how to poll the SCM.
In this article, we will cover the topics like securing Jenkins, enabling Security in Jenkins, Authentication or security realm, Authorization, Creating an admin user and giving privileges, Enabling project security matrix.
Enabling Security In Jenkins
Jenkins server supports several security models.
For smaller organizations, where the developers work in close proximity, it may not seem that important. Even so, security is required to protect Jenkins from access by outsiders.
The security for larger organizations becomes even stricter as there will be multiple teams and access needs to be given to developer teams and system admins.
The following are the simple steps to enable or activate security in Jenkins:
#1) Log in to Jenkins
#2) Click on Manage Jenkins and Configure Global Security in Jenkins dashboard as shown in Figure 1.
#3) Check the Enable security option, select “Jenkins own user database” under the security realm (authentication), and under Authorization select “Logged in user can do anything”. Also, check “Allow users signup”. This is the simplest form of security and is beneficial for smaller teams. Refer to Figure 2 below for the security settings.
Authentication Or Security Realm
This lets us identify and manage users on Jenkins. There are many ways we can do this. The simplest way is using Jenkins’s local database. This lets us set up the authentication for smaller organizations.
The options include:
- Jenkins own user database
- Delegate to the servlet container
Jenkins own user database: Here, the users can sign up using the signup link. All these users are authenticated against the local database when they log in. Based on security, we can gauge what the users can do. To find the users, click on the People link as shown in Figure 3 below.
To find the build details of a user, click on the User and then click on Builds as shown in Figure 4.
To configure the password and email details of a user, click on Configure as shown in Figure 5.
Once users are authenticated, it’s time to grant privileges to them. This process is called Authorization. There are many ways of authorization. The simplest is that the logged-in user can do anything. Others, such as project-based authorization, are more complicated.
Various ways of authorization include:
- Anyone can do anything
- Legacy mode
- Logged-in users can do anything
- Matrix-based security
- Project-based Matrix authorization strategy
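A check for the settings discussed above, as an added example that is not part of the original tutorial: it reads the text of a Jenkins global config.xml and flags the authentication and authorization choices that leave the server open, such as sign-up enabled together with "Logged-in users can do anything". The element and class names are assumed to be the ones Jenkins writes to its global config.xml, and both sample files are constructed.

```python
import re
import xml.etree.ElementTree as ET

ADMIN = "hudson.model.Hudson.Administer"

def audit(config_xml):
    """Return findings for the text of a Jenkins global config.xml."""
    # Newer Jenkins writes an XML 1.1 declaration, which Python's parser may not accept; drop it.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml))
    if root.findtext("useSecurity", "false").strip() != "true":
        return ["Enable security is off: every visitor has full control"]
    authz, realm = root.find("authorizationStrategy"), root.find("securityRealm")
    strategy = authz.get("class", "") if authz is not None else ""
    # Sign-up is open when the local user database is used and sign-up is not disabled.
    signup = (realm is not None
              and realm.get("class", "").endswith("HudsonPrivateSecurityRealm")
              and realm.findtext("disableSignup", "false").strip() != "true")
    findings = []
    if strategy.endswith("AuthorizationStrategy$Unsecured"):
        findings.append("Anyone can do anything: no access control at all")
    elif strategy.endswith("LegacyAuthorizationStrategy"):
        findings.append("Legacy mode: non-admin and anonymous users keep read access")
    elif strategy.endswith("FullControlOnceLoggedInAuthorizationStrategy") and signup:
        findings.append("Open sign-up with 'Logged-in users can do anything': "
                        "any visitor can register and gain full control")
    elif strategy.endswith("MatrixAuthorizationStrategy"):
        for perm in authz.findall("permission"):
            # Entry is PERMISSION:sid, or TYPE:PERMISSION:sid in newer plugin versions.
            parts = (perm.text or "").strip().split(":")
            if ADMIN in parts and parts[-1] in ("anonymous", "authenticated"):
                findings.append(f"Matrix grants Administer to '{parts[-1]}'")
    return findings

# Constructed samples (assumed layout): the simple setup from step #3, and a project matrix.
SIMPLE = """<hudson><useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
<disableSignup>false</disableSignup></securityRealm></hudson>"""
MATRIX = """<hudson><useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Administer:admin</permission>
<permission>hudson.model.Item.Build:dev1</permission></authorizationStrategy>
<securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
<disableSignup>true</disableSignup></securityRealm></hudson>"""

if __name__ == "__main__":
    for name, xml in (("simple", SIMPLE), ("matrix", MATRIX)):
        print(name, audit(xml) or "no findings")
```

Run it against a copy of the server's config.xml after each change on the Configure Global Security page; an empty result means none of these conditions was found.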
Creating An Admin User And Giving Privileges
To create an admin, first click on the Signup link on the Jenkins dashboard and then fill in the details as shown in Figure 7 below.
Then click on the Sign up button. It will get you logged in as admin.
Now to grant privileges, click on:
- Manage Jenkins and Configure Global Security.
- In Project-based Matrix Authorization Strategy, add the admin we created and grant all the privileges to it as shown in Figure 8 below:
Enabling Project Security Matrix
After adding the administrator, the users can be added and the required roles can be assigned to them as shown in Figure 9.
In this tutorial, we have learned about the necessity of security, Authentication or security realm, Authorization, creating an admin user and giving privileges, and creating a project-based matrix.
In the next tutorial, we will learn about distributed builds with Jenkins.