# Matrix Authorization Strategy Plugin
Implement fine-grained access control in Jenkins with this plugin.
For a basic introduction, see [the section on Matrix Authorization in the Jenkins handbook](https://jenkins.io/doc/book/managing/security/#authorization).
## Changelog
See [GitHub Releases](https://github.com/jenkinsci/matrix-auth-plugin/releases) (2.6.5 and newer only) or [CHANGELOG](CHANGELOG.md) (before 3.0 only).
## Use Cases
Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually.
### Project-based configuration
Project-based matrix authorization allows configuring permissions for each item or agent independently.
Permission applying to such items or agents that are granted in the global configuration apply to all of them, unless they don't inherit global permissions (see below).
### Permission inheritance
With project-based matrix authorization, permissions are by inherited from the global configuration and any parent entities (e.g. the folder a job is in) by default.
This can be changed.
Depending on the entity being configured, all or a subset of the following _inheritance strategies_ are available:
* Inherit permissions:
This is the default behavior.
Permissions explicitly granted on individual items or agents will only add to permissions defined globally or in any parent items.
* Inherit global configuration only:
This will only inherit permissions granted globally, but not those granted on parent folders.
This way, jobs in folders can control access independently from their parent folder.
* Do not inherit permissions:
The most restrictive inheritance configuration.
Only permissions defined explicitly on this agent or item will be granted.
The only exception is Overall/Administer:
It is not possible to remove access to an agent or item from Jenkins administrators.
### Configuration as Code and Job DSL support
Matrix Authorization Strategy Plugin has full support for use in Configuration as Code and Job DSL.
For an example combining the two, see [this `configuration-as-code.yml` test resource](https://github.com/jenkinsci/matrix-auth-plugin/blob/master/src/test/resources/org/jenkinsci/plugins/matrixauth/integrations/casc/configuration-as-code.yml).
## Caveats
When using project-based matrix authorization, users granted permission to configure items or agents will be able to grant themselves all other permissions on the item or agent.
These would be inherited unless specifically disabled.
Beyond the above, administrators implementing fine-grained permissions control need to be aware of interactions between permissions, and certain overlap between them.
Some examples:
* A user not granted read access to Jenkins in general will not be able to use most of the other permissions they've been granted -- likely none of them.
* A user not granted read access to a job will not be able to start new builds, delete the job, configure the job, etc.
* When using global matrix authorization, users granted permission to configure jobs but not start them will still be able to configure the job to be periodically executed.
* Some permissions imply others.
Most notably, Overall/Administer implies (almost) all other permissions, but other implications exist:
For example, Job/Read implies Job/Discover.
Descriptions for permissions will note when a permission is either implied by a permission other than Overall/Administer, or when it is not implied by any other permission.
没有合适的资源?快使用搜索试试~ 我知道了~
Jenkins基于矩阵的授权策略_Java_HTML_下载.zip
共170个文件
java:43个
properties:43个
xml:31个
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 152 浏览量
2023-04-13
23:51:28
上传
评论
收藏 233KB ZIP 举报
温馨提示
Jenkins基于矩阵的授权策略_Java_HTML_下载.zip
资源推荐
资源详情
资源评论
收起资源包目录
Jenkins基于矩阵的授权策略_Java_HTML_下载.zip (170个子文件)
maven.config 52B
table.css 2KB
.gitignore 147B
config.groovy 917B
config.groovy 701B
config.groovy 576B
help_ru.html 2KB
help_ja.html 1KB
help_fr.html 1KB
help_tr.html 1KB
help_pt_BR.html 998B
help_de.html 997B
help.html 872B
help_zh_TW.html 864B
help_zh_CN.html 786B
help_de.html 661B
help_ja.html 582B
help-permissions.html 546B
help-grantedPermissions.html 521B
help.html 508B
help_zh_TW.html 471B
help_zh_CN.html 422B
help-permissions.html 392B
help-grantedPermissions.html 367B
Security2180Test.java 24KB
AmbiguityTest.java 16KB
AuthorizationContainer.java 15KB
ImportTest.java 12KB
ProjectMatrixAuthorizationStrategyTest.java 12KB
AuthorizationMatrixProperty.java 11KB
AmbiguityMonitor.java 11KB
AuthorizationMatrixProperty.java 10KB
GlobalMatrixAuthorizationStrategy.java 10KB
AuthorizationMatrixPropertyTest.java 9KB
AuthorizationContainerDescriptor.java 9KB
AuthorizationMatrixNodeProperty.java 8KB
ExportTest.java 8KB
AuthorizationMatrixPropertyTest.java 8KB
ValidationUtil.java 6KB
ReadOnlyTest.java 6KB
ProjectMatrixAuthorizationStrategy.java 6KB
FolderContributor.java 5KB
InheritanceMigrationTest.java 5KB
IdStrategyTest.java 5KB
AbstractAuthorizationPropertyConverter.java 4KB
AuthorizationPropertyDescriptor.java 4KB
AbstractAuthorizationContainerConverter.java 4KB
NonInheritingStrategy.java 4KB
InheritGlobalStrategy.java 4KB
PermissionEntry.java 4KB
InheritParentStrategy.java 4KB
AuthorizationMatrixNodePropertyTest.java 3KB
PermissionFinder.java 3KB
InheritanceStrategy.java 3KB
AuthorizationProperty.java 3KB
AuthorizationMatrixNodePropertyConfigurator.java 3KB
MatrixAuthorizationStrategyConfigurator.java 3KB
AuthorizationContainerDescriptorTest.java 2KB
DeprecationUtil.java 2KB
InheritanceStrategyDescriptor.java 2KB
PermissionAdderTest.java 2KB
AuthorizationType.java 2KB
OptionalMarker.java 1KB
ProjectMatrixAuthorizationStrategyConfigurator.java 1KB
GlobalMatrixAuthorizationStrategyConfigurator.java 1KB
Jenkins57313Test.java 1KB
Security410Test.java 974B
config.jelly 10KB
entries.jelly 2KB
index.jelly 2KB
entries.jelly 2KB
entries.jelly 2KB
message.jelly 1KB
entries.jelly 1KB
config.jelly 1KB
config.jelly 1KB
config.jelly 1KB
config.jelly 1KB
help-user-group_ja.jelly 670B
help-user-group.jelly 336B
help-user-group_zh_TW.jelly 287B
index.jelly 132B
Jenkinsfile 221B
table.js 11KB
legacyIds 0B
legacyIds 0B
CHANGELOG.md 14KB
README.md 3KB
permalinks 129B
permalinks 129B
Messages.properties 2KB
config_ru.properties 2KB
config_ja.properties 1KB
message.properties 1KB
config_zh_TW.properties 1KB
Messages_ja.properties 1KB
Messages_fr.properties 1KB
Messages_ru.properties 1KB
config_ja.properties 1KB
Messages_zh_TW.properties 1KB
共 170 条
- 1
- 2
资源评论
快撑死的鱼
- 粉丝: 1w+
- 资源: 9156
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功