Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update readme content roles description #75

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update readme content roles description #75

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4ee296b
FEAT Adding roles description table
Jun 9, 2021
58948c6
FIX Role description edited
Jun 9, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,3 +33,59 @@ as the 'Component'.
## Changelog

See [GitHub Releases](https://github.com/jenkinsci/folder-auth-plugin/releases)

## Roles Permission Table

| Role Name | Role Type | Description |
| -------------------------- | ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Credentials/Create | Global/Folder Role | "The create permission is necessary to add credentials to a credentials provider." |
| Credentials/Delete | Global/Folder Role | "The delete permission is necessary to remove credentials stored in a credentials provider." |
| Credentials/ManageDomains | Global/Folder Role | "The manage domains permission is necessary to add/remove/configure the credential domains of a credentials provider (where the credentials provider supports multiple credential domains)." |
| Credentials/Update | Global/Folder Role | "The update permission is necessary to modify credentials in a credentials provider." |
| Credentials/UseItem | Global/Folder Role | "Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from those credentials available within the scope of the job. Immediate actions could include: building with parameters, tagging a build, deploying artifacts, etc." |
| Credentials/UseOwn | Global/Folder Role | "Where an immediate action against a job requires that a credential be selected by the user triggering the action, this permission allows the user to select a credential from their private credential store. Immediate actions could include: building with parameters, tagging a build, deploying artifacts, etc." |
| Credentials/View | Global/Folder Role | "The view permission is necessary to view the credentials stored in a credentials provider." |
| Agent/Build | Global Role | This permission allows users to run jobs as them on agents. |
| Agent/Configure | Global Role | This permission allows users to configure agents. |
| Agent/Connect | Global Role | This permission allows users to connect agents or mark agents as online. |
| Agent/Create | Global Role | This permission allows users to create agents. |
| Agent/Delete | Global Role | This permission allows users to delete existing agents. |
| Agent/Disconnect | Global Role | This permission allows users to disconnect agents or mark agents as temporarily offline. |
| Agent/ExtendedRead | Global Role | This permission allows users to read agent configuration. |
| Agent/Provision | Global Role | Provision new nodes |
| Overall/Administer | Global Role | This permission grants the ability to make system-wide configuration changes, as well as perform highly sensitive operations that amounts to full local system access (within the scope granted by the underlying OS.) |
| Overall/Manage | Global Role | This permission grants the ability to configure parts of the overall system configuration that are not expected to have an impact on the overall stability and security of the system. |
| Overall/Read | Global Role | The read permission is necessary for viewing almost all pages of Jenkins. This permission is useful when you don’t want unauthenticated users to see Jenkins pages: revoke this permission from the anonymous user, then add "authenticated" pseudo-user and grant the read access. |
| Overall/SystemRead | Global Role | This permission grants read-only access to large parts of the overall system configuration. |
| Job/Build | Global/Folder Role | "This permission grants the ability to start a new build." |
| Job/Cancel | Global/Folder Role | "This permission grants the ability to cancel a scheduled, or abort a running, build." |
| Job/Configure | Global/Folder Role | "Change the configuration of a job." |
| Job/Create | Global/Folder Role | "Create a new job." |
| Job/Delete | Global/Folder Role | "Delete a job." |
| Job/Discover | Global/Folder Role | "This permission grants discover access to jobs. Lower than read permissions, it allows you to redirect anonymous users to the login page when they try to access a job url. Without it they would get a 404 error and wouldn't be able to discover project names." |
| Job/ExtendedRead | Global/Folder Role | "This permission grants read-only access to project configurations. Please be aware that sensitive information in your builds, such as passwords, will be exposed to a wider audience by granting this permission." |
| Job/Move | Global/Folder Role | "Required to move a job from one folder (or Jenkins root) to another." |
| Job/Read | Global/Folder Role | "See a job. (You may deny this permission but allow Discover to force an anonymous user to log in to see the job.)" |
| Job/WipeOut | Global/Folder Role | "This permission grants the ability to wipe out the contents of a workspace." |
| Job/Workspace | Global/Folder Role | "This permission grants the ability to retrieve the contents of a workspace Jenkins checked out for performing builds. If you don’t want a user to access files in the workspace (e.g. source code checked out from SCM or intermediate build results) through the workspace browser, you can revoke this permission." |
| Run/Artifacts | Global/Folder Role | "This permission grants the ability to retrieve the artifacts produced by builds. If you don’t want an user to access the artifacts, you can do so by revoking this permission." |
| Run/Delete | Global/Folder Role | "This permission allows users to manually delete specific builds from the build history." |
| Run/Replay | Global/Folder Role | "Ability to perform a new Pipeline build with an edited script." |
| Run/Update | Global/Folder Role | "This permission allows users to update description and other properties of a build, for example to leave notes about the cause of a build failure." |
| View/Configure | Global/Folder Role | "This permission allows users to change the configuration of views." |
| View/Create | Global/Folder Role | "This permission allows users to create new views." |
| View/Delete | Global/Folder Role | "This permission allows users to delete existing views." |
| View/Read | Global/Folder Role | "This permission allows users to see views (implied by generic read access)." |
| SCM/Tag | Global/Folder Role | "This permission allows users to create a new tag in the source code repository for a given build." |
| Metrics/HealthCheck | Global/Folder Role | "This permission grants access to the health check functionality of the Metrics servlet. Please be aware that depending on the nature of the health checks in your system,this could be abused to deliver a denial of service attack if the credentials of a user with this permission become compromised." |
| Metrics/ThreadDump | Global/Folder Role | "This permission grants read-only access to the thread dump functionality of the Metrics servlet. Please be aware that potentially sensitive information in your stack trace, such as job names, will be exposed to users with this permission." |
| Metrics/View | Global/Folder Role | "This permission grants read-only access to the Metrics servlet. Please be aware that potentially sensitive information in your stack trace, such as job names, will be exposed to a wider audience by granting this permission." |
| Lockable Resources/Reserve | Global/Folder Role | "This permission grants the ability to manually reserve lockable resources outside of a build." |
| Lockable Resources/Unlock | Global/Folder Role | "This permission grants the ability to manually unlock resources that have been locked by builds." |
| Lockable Resources/View | Global/Folder Role | "This permission grants the ability to view lockable resources."

### Role Type Description

**Global Role** - Role attribute available in _Global Role Section_

**Folder Role** - Role attribute available in _Folder Role Section_