I was hoping if there was an easy way to create Hudson users, so they are required to log in.
And if they are not logged in they are only able to view build statuses. Nothing else.
Please and thank you
From the main hudson page:
Click on Manage Hudson on the left
Click on Configure System
Check Enable Security
Set up your users and Permissions!
You can use Matrix-based security to give specific users certain permissions, and then use the "Anonymous" row for those not logged on.
Related
I'm currently searching for a way to grant specific users permissions to only use and manage the features listed ind the Test Plans tab in azure devops. So users in this group/team should not be able to see releases, builds, code and all the other stuff in the current project.
Is there a Way to achieve this?
Thanks
There is no default way to disable services of Repos, Pipeline, etc. You need to set the permission for each resource by referring to the following link:
https://learn.microsoft.com/en-us/azure/devops/organizations/security/permissions?view=azure-devops&tabs=preview-page
For example, make users not see the repo, you can deny the "Read" permission for the repo:
YouTrack has a built in role called "Developer" which is assigned to two users. That role allows users to edit issues and change state.
However one of the users is not able to perform these operations although the permissions granted are exactly the same.
We tried the following options:
matching all groups, roles, permissions for both users
clearing browser cache
logging out and logging in
logging in to another machine
restarting YouTrack
But none worked.
Is there a known issue with permissions?
This is YouTrack 7 standalone.
EDIT : Saw a similar issue reported here https://youtrack-support.jetbrains.com/hc/en-us/community/posts/203931930-Developer-Role-Permissions
Looks like your permission management is out of sync. Please go to Hub Integration page and click on 'Sync' button. This operation will sync internal YouTrack accounts and permissions with Hub accounts and permission (where you are actually setting them up).
We work with a group of contractors that need access to our TFS 2010 server. I've got Active Directory running for our office, so every user has an AD account. Is there a way the TFS users can change their passwords through TFS? I've changed passwords before by having users RDP into computers and changing their account information there, but I'd rather not give the contractors RDP access (they just don't need it).
I tried selecting "user mush change password at next login", but TFS seems not to respond to that.
The only login vehicle the contractors use is TFS.
Thanks
That's correct, TFS doesn't provide a mechanism to change passwords. Your users will need to use some integration to Active Directory to change their password. It needn't necessarily be through an RDP session, as long as they can hit Active Directory's LDAP server, you should be able to allow this.
IIS ships with a tool called IISADMPWD that lets users change their password over the web.
In addition, you can build your own tool to change the password, like other people have done in PowerShell or perl. In addition, there appear to be various commercial tools to enable this.
I can configure Jenkins so it limits access to users on my ldap server by setting the Server and Root DN without a problem.
Now I want to tie down access a little more and only allow access to members of the groupOfNames cn=MyProject,ou=Group,dc=bogus,dc=biz, but I don't see how to do that in Jenkins.
Can someone explain how they configured Jenkins or Hudson to handle something like this ?
Thanks !
NOTE: I'm not sure if this would work for LDAP (we use active directory)
In the project configuration page, check Matrix-based security.
Remove all access for anonymous
Add your 'groupOfNames' to the "user/group to add" and give them the rights you want to.
Any user in that group should get the rights you assign. This is how we did it.
Old thread, I know. I got it working by installing the memberof and refint overlays on the OpenLDAP server (2.4.31) and setting the User Search Base on Jenkins to filter the result, i.e.
(&(uid={0})(memberOf=cn=MyGroupName,ou=group,dc=mydomain,dc=com))
I have various projects being built and tested periodically on a Hudson server, but I don't want every employee in the company to see published artifacts for every project.
Project-based matrix security seemed at first the key, but after many tests I find that granting overall read permissions is mandatory if you want users to be able to read anything in the hudson server.
So, in the end read permissions are binary: either you grant global read permission or you block everything, am I right?
Haven't it tested with the newest release, but I use the matrix setup. I gave Anonymous the overall read. This way they can see the login screen when they type {{http://servername:port/}} but does not give them access to the jobs. In the jobs themselves I configured the users that should actually see the job. Works like a charm.
UPDATE:
Meanwhile I found out that you can use authenticated instead of Anonymous. This enabled access to Hudson/Jenkins through the links in the Build failed messages. Now everyone gets the logon dialog and after signing in, they are right away at the job run of interest.
After trying to do something similar to you with Hudson's authorization settings, I came to the same conclusion you did.