To save your Jenkins master you need to enable security and access restriction for the set of peoples, define permissions for selected projects so that different people have access to different sets of projects. which is quite easy by using the Jenkins plugins. Jenkins offers a number of configuration options and plugins for better security and access control.
In our previous article, we have installed Jenkins in windows and automate the task from Jenkins CLI. In this article, we will cover Jenkins configuration for Active Directory to control anonymous users to unnecessary login to Jenkins server, With the help of some plugin and configuration we can restrict and allow them to log in with their Domain accounts and control user permission to different jobs and projects by using the Role-Based Security plugin.
If your organization using active directory for access control Jenkins offer the way to implement access control using Active Directory Plugin. To install this plugin just go to Manage Jenkins > Available plugin tab search for Active Directory Plugin. Let install and restart the Jenkins instance. Once Jenkins back up and running navigate to Configure Global Security under manage Jenkins.
Under Configure Global Security select Enable Security and then select radio button for Active Directory Fill the Domain Name and other required fields and click for Test Domain and then add Domain and save the setting.
Once you configure Jenkins with Active Directory you need to authorize AD user who had access to login Jenkins GUI and provide permission for other Jenkins configurations like admin access, read-only access.
To provide authorization for user click on project-based matrix under Configure Authorization and add the new user and provide permission whatever is needed.
Now log out and log in with new AD user.
Hiding Jobs and Project
Once you configure all roles and permission then you can start some more interesting tricks. Suppose you have some job which you want to hide from other user or you don’t want to show some critical job to some different team users.
Select any Jenkins job which you want to hide from other user click on configure under General tab select Enable Project-base security and add the user whomever you want to provide permission for this job.
By doing this if other user logins they will not able to see this job in their dashboard. The only user which you have given permission can able to see this job on their dashboard.
So, by doing this setting you can secure your Jenkins environment by unnecessary user access and even distribute projects to different sets of the user based on their role.
Wrapping up: So we can secure our Jenkins jobs and access permission by using the Active Directory plugin and role-based authorization or by hiding job from other users.