Jenkins — How to create Users + Manage + Assign Roles (Part 2)
In this tutorial, we are going to learn How to do simple configurations for Jenkins. Here are the points which I am going to explain in this tutorial.
- How to create new Users?
- How to configure Users?
- How to create new Roles?
- How to assign users to Roles?
- How to control user access on Projects?
First of all, make sure whether your Jenkins server is up and running. Please go through my previous tutorial for getting up and running the Jenkins server.
Once you run the Jenkins server it will start on default 8080 port. Go to the browser and type http://localhost:8080/.
Use “admin” as the username and give the auto-generated password which we get in the previous tutorial.
Admin user is the default user which is created as soon as you are installed, Jenkins.
How to create new Users?
If you want to create a new User in Jenkins you need to go to
Manage Jenkins-> Manage Users
As of now, you can see there is one User called Admin. If you want to create new Users click Create User option.
Then you just need to give Username, Password, and Full Name. Enter those details and click Create User button.
User1 is created. Here I am creating another user which is called User2.
Now let us try to login using any of these newly created Users.
Success!
How to configure Users?
On the right top corner, there is the Username. Besides that, there is a dropdown. Just go to the “Configure” option. Now here you will come to the configure window of Jenkins for the particular User. Here you can,
- Change the Username
- Add any Description
- Get the API token for the specific User
- Change your Password
- Can set any public-key authentication
How to create new Roles?
In general, we can define roles to every user. For example, Admin User has all the roles such as defining roles, create Users, configure the system, give access to the projects, and so on. The manager only can view the projects. Developers should be able to do make changes to the specific project and Testers should be able to access only to the Testing projects. So how can we manage that? To do that we have a plugin called Roles Strategy plugin.
To get this plugin there are 2 ways,
- Manually download plugin
- Download and install via Jenkins
If you are willing to download and install manually use this link to download the plugin.
After downloading the plugin you need to add it to the C:\Program Files (x86)\Jenkins\plugins folder. Then just restart the Jenkins server.
But we can download and install the plugin using Jenkins itself. Go to
Manage Jenkins -> Maganage Plugins
Just go to the Available section and search Roles Strategy plugin. Then this plugin will be listed out here then click on Download now and install after restart. I am not getting this here in the picture because I have already installed the plugin and it is inside the Installed section. Also, you can upload the plugin which is already installed in the previous section. Just go to the Advanced section and choose the file to upload the plugin.
Now I have already installed the plugin. Let’s see how to use it. Goto
Manage Jenkins -> Configure Global Security In the Authorization section, you will now find a Role-based Strategy (This option only comes after that the plugin is installed and Jenkins is restarted). You have to select that. Click Apply and Save.
Okay Cool!. Now let’s login as a User1 and see what happens.
Now, User1 cannot access to the Jenkins because we are now using Role-based Strategy. We need to define a role to this User.
Let me log in as an Admin and define Roles and assign them to Users.
Now go to,
Manage Jenkins -> Manage and Assign Roles -> Manage Roles NOTE: This will get only after you select the Role-Based Strategy in the Authorization section.
Here you can see 2 roles to define.
Global Roles — Provide authorization and access to the Global Level. I can add the Role name as “employee” and I can control what access I need to give this role. I want that employee should have overall read access and overall view access.
Item Roles — Provide roles specific to a project. I am adding a role called developer and add a pattern like Dev.* in this section. What does this pattern mean is when a person who is having a role as a developer should be able to access the projects which have their name starting like Dev. Now he is not able to view or make changes to any other projects. Furthermore, I am adding a tester Role and add a pattern like Test.*also. Give all the Job permissions to them.
Now let’s assign the roles to our already created Users.
How to assign users to Roles?
Go to,
Manage Jenkins -> Manage and Assign Roles -> Assign RolesLike the Manage Roles section, there are 2 sections.
- Global Roles — Please add User1 and User2 to the Global Roles. And select the employee role to both users.
- Project Roles — Please add User1 and User2 to the Item Roles and assign User1 as a Developer and User2 as a Tester.
How to control user access on Projects?
Now we have created all the roles and we assigned them to Users. Let’s create 2 projects and check the access according to the Users. Go to,
New Item -> Enter an Item Name Just create 2 Freestyle projects called DevProject1 and TestProject1.
Now you can see already created 2 projects in the Dashboard.
As you can remember User1 as a Developer can only access the projects which are having the name starting like “Dev”. Also, User2 as a Tester can only access the projects which are having the name starting like “Test”. Let us now validate that. Test log in as User1 and User2.
User1 — Kasun Dissanayake (Developer)
Here you can see this user only can access the DevProject1 and he does not have any access to the Manage Jenkins menu.
User2— Dulmina Renuke (Tester )
Here you can see this user only can access the TestProject1 and he does not have any access to the Manage Jenkins menu.
So this is all about the Create Users, Manage Users, Assign Roles to the Users and Control Authentication and Authorization in Jenkins. I hope you will get a great understanding of Jenkins.
Thank You!
