Jenkins: The Definitive Guide by John Ferguson Smart

Jenkins supports several security models, and can integrate with several user repositories. In smaller organizations, where developers work in close proximity, security on your Jenkins machine may not be a large concern—you may simply want to prevent unidentified users tampering with your build job configurations. For larger organizations, with multiple teams, a stricter approach might be required, where only team members and system administrators are allowed to modify their build job configurations. And in situations where the Jenkins server may be exposed to a broader audience, such as on an internal corporate website, or even on the Internet, certain build jobs may be visible to all users whereas others will need to be hidden to unauthorized users.

In this chapter, we will look at how to configure different security configurations in Jenkins, for different environments and circumstances.

Setting up basic security in Jenkins is easy enough. Go to the main configuration page and check the Enable security checkbox (see Figure 7-1). This will display a number of options, that we will investigate in detail in this chapter. The first section, Security Realms, determines where Jenkins will look for users during authentication, and includes options such as using users stored in an LDAP server, using the underlying Unix user accounts (assuming, of course, that Jenkins is running on a Unix machine), or using a simple built-in ...