Role Strategy Plugin

Adds a new role-based strategy to manage users' permissions.

New homepage
This plug-in is being maintained by its owner/maintainers from a new home. The plug-in is still compatible with Hudson, however, the entry points for documentation and issue reporting have been combined in order to provide a single point of entry.


Plugin Information

Plugin ID role-strategy
Latest Release 1.1.3-h-2
Latest Release Date Apr 3, 2013
Sources [External| ]
Support Eclipse Hudson Forum
Issue Tracking Eclipse Bugzilla

Quick Overview

This plugin adds a new role-based strategy to ease and fasten users management. This strategy allows:

  • Creating global roles, such as admin, job creator, anonymous, etc., allowing to set Overall, Slave, Job, Run, View and SCM permissions on a global basis.
  • Creating project roles, allowing to set only Job and Run permissions on a project basis.
  • Assigning these roles to users.

User guide

Using the plugin is fairly simple:

  1. Activate the Role-Based Strategy by using the standard Manage Hudson > Configure System screen
  2. Define and assign roles by using the Manages Roles item which appears in the Manage Hudson screen:

You then get two options:

  • Manage Roles is the place where to set up roles:

There's nothing much to say here, this is self-explanatory. The only tricky field is the Pattern one. This field consists in a regular expression aimed at matching the jobs which the role will apply to. For example, if you set the field to "Roger-.", then the role will match all jobs which name starts with "Roger-". Note that the pattern is case-sensitive. To perform a case-insensitive match, use (?i) notation: upper, "Roger-.*" vs. lower, "roger-.*" vs. case-insensitive, "(?i)roger-.*".

  • Assign Roles is the place where to assign the defined roles to users:

Global Roles vs. Project Roles

It should be noted that the Global Roles override anything you specify in the Project Roles. That is, when you give a role the right to Job-Read in the Global Roles, then this role is allowed to read all Jobs, no matter what you specify in the Project Roles.

It may therefore be advisable to leave most (all) options unchecked in Job, Run and SCM in the Global Roles section for normal users.

Labels:

plugin-misc plugin-misc Delete
plugin-user plugin-user Delete
tier3-compat-plugin tier3-compat-plugin Delete
Enter labels to add to this page:
Wait Image 
Looking for a label? Just start typing.
  1. Oct 01, 2010

    Giuliano Ribeiro says:

    Hello, first of all, congratulations you are the first to create a good plugin t...

    Hello, first of all, congratulations you are the first to create a good plugin to reorganize how Hudson works with user/group/permissions.

    Second, I have a question, how can I configure a role to have permissions on 2 projects with diferent names, like ProjectABC and BuildMyProject? how to put it on Pattern field?

    1. Oct 05, 2010

      Romain Seguy says:

      Simply build a regular expression which fits that: (ProjectABC.*|BuildM...

      Simply build a regular expression which fits that: (ProjectABC.*|BuildMyProject.*)

  2. Oct 11, 2010

    Domi says:

    Is it possible to add new roles/users via CLI or remote API? The problem is, th...

    Is it possible to add new roles/users via CLI or remote API?

    The problem is, that we need to do this fully automated and by updating the configuration file directly, we would have to restart hudons after a modification right?

    1. Oct 15, 2010

      Romain Seguy says:

      No it's not possible yet (+ yes, you're right, you would have to restart Hud...

      No it's not possible yet (+ yes, you're right, you would have to restart Hudson). May you create a JIRA ticket for that please? I've just requested through the ML for the creation of the JIRA role-strategy component.

  3. Oct 25, 2010

    Michael Leopoldseder says:

    I'm trying to add a project role with a role name and a regular expression. When...

    I'm trying to add a project role with a role name and a regular expression. When pressing the add button, nothing happens.
    I tried it also with a regular expression ".*" which should cover all my projects, but even then, nothing happens.
    TRied to check Hudson log files, but no output found from plugin.

    1. Oct 27, 2010

      Romain Seguy says:

      Please create an issue in JIRA with screenshots + the technical configuration.

      Please create an issue in JIRA with screenshots + the technical configuration.

  4. Nov 19, 2010

    valley antoine says:

    Hello, this is a very nice plugin. On my local hudson configuration, your Howe...

    Hello, this is a very nice plugin.

    On my local hudson configuration, your

    However, on the production server, I encounter a problem.

    On the main board (with the project list), I'm always asked to enter my login/password even when I'm already logged in.

    Sometimes, i can access this page, but can't explain when and why.

    Strangely, I have no problem to access other pages (configuration, users...)

    Configuration :

    Customed Hudson v1.364 (no major changes)

    I'm using an LDAP based anthentication + LDAP groups

    I have some users in several groups.

    Thank's in advance for your advice

  5. Nov 19, 2010

    valley antoine says:

    Hello again, Just to say there are some small mistakes in the french property f...

    Hello again,

    Just to say there are some small mistakes in the french property file :

    You wrote "&ocric;" instade of "&ocirc ;" (I added a space in order to make it appear)

    Bye

    1. Nov 23, 2010

      Romain Seguy says:

      Hi, Thanks for reporting the typo. I've fixed that locally and will commit once...

      Hi,

      Thanks for reporting the typo. I've fixed that locally and will commit once SVN is fully back.

      May you next time create an issue in JIRA to report bugs/request enhancements?

      Regards.

  6. Nov 19, 2010

    valley antoine says:

    Ok, you will never believe me about the previous bug (asking me to authenticate ...

    Ok, you will never believe me about the previous bug (asking me to authenticate myself) :

    There is certainly a bug with Firefox. Here are the steps :

    Configuration :

    - Firefox 3.0.19

    - Internet Explorer 7

    1 - I log in on firefox

    --> I have the error

    2 - I open Internet Explorer

    3 - I log in with IE (same user or not makes no difference)

    --> No error on IE

    4 - I go back on Firefox

    5 - I refresh the page

    --> No error !

    If I logout and login again on Firefox --> The bug come back

    It's just like the privileges index is not well refreshed when loggin with Firefox

    That's kind of magic

    (Still no bug on local)

    1. Nov 23, 2010

      Romain Seguy says:

      OK. Kindly create an issue in JIRA (if not already there) for the Hudson core c...

      OK.

      Kindly create an issue in JIRA (if not already there) for the Hudson core component (since it's not related to the Role Strategy plugin).

  7. Nov 22, 2010

    Raghuram says:

    Hi, Thanks for this plugin - it is very useful. I recently upgraded to version 1...

    Hi,
    Thanks for this plugin - it is very useful.
    I recently upgraded to version 1.386 of hudson. I'm not able to add roles/group at project level.
    I click on the "add" button & nothing happens.

    Can any one confirm?

    Thanks,

    1. Nov 23, 2010

      Romain Seguy says:

      Which browser are you using? It highly depends on it. E.g., it works fine on Fir...

      Which browser are you using? It highly depends on it. E.g., it works fine on Firefox 4.0 but not on Internet Explorer 6.0.

  8. Jan 07, 2011

    Hendryk Bockelmann says:

    I really like this plugin since it allows to hide some 'internal' jobs (which ar...

    I really like this plugin since it allows to hide some 'internal' jobs (which are not fully tested or just meta-steps in a job chain) and show them only to authenticated users - thank you very much.

    But: if I set the global role for anonymous to

    <permission>hudson.model.Hudson.Read</permission>

    and then add a project role to some jobs with

    <permission>hudson.model.Item.Read</permission>

    the anonymous user can not only see the jobs I granted to him, but also the sidebar information! This might cause some trouble since the sidebar shows the build executors and in my case also the userContent directory on the hudson server. Is it possible the restrict the view on the sidebar in the same fashion as for projects?

    1. Jan 07, 2011

      Romain Seguy says:

      How have you added the userContent dir in the sidebar? Is it a plugin or a direc...

      How have you added the userContent dir in the sidebar? Is it a plugin or a direct modification to Hudson core? In both cases, what you have to do is to add a new permission or to reuse an existing one in order to protect your sidebar.

      1. Jan 09, 2011

        Hendryk Bockelmann says:

        Thanx for your help, I added the userContent via the Sidebar-Link Plugin. Could ...

        Thanx for your help, I added the userContent via the Sidebar-Link Plugin. Could be please be a bit more concrete how to add a new permission? Do I have to modify the source of the plugin or of Hudson core?

  9. Feb 10, 2011

    Christopher Shelley says:

    I've been attempting to use this plugin on a project of mine, but it doesn't see...

    I've been attempting to use this plugin on a project of mine, but it doesn't seem to work at all.  I've gone through and created 2 users (to start off with) and despite how I create the project roles, both users can see the other's projects.  Is there a specific Security Realm that's needed? I've tried this with both 'Delegate to servlet container'  and 'Hudson's own user database' with no luck.