How do I jenkins permission on a per job basis?

Question

Some jobs push to QA and some jobs push to Production.

Only devs should be allowed to push to QA and only QA should be allowed to push to production. Aside from making

Answer 1

1. Make sure the user account is created
2. Do not add that user to the global configuration security but do have project matrix enabled security enabled and authenticated users read access

3. Now go to the job and add that user and choose read.

4. You can now see that the user has only access to that specific job

Answer 2

You have to manage restrictions with the tools that Jenkins provides. If you have administrator status go to "Jenkins configuration" (picture 1) and then to "Manage and assign roles" (picture 2). Here you will see "Manage roles" and "Assign roles".

Use "Manage roles" to create/update roles and assign permissions to determined projects and also to manage the restrictions of each job. Use "Manage and Assign roles" to assign roles to users or to other groups.

Role/permission matrix:

Thus you can configure groups to administrate determined jobs, to execute other jobs or to simply have the ability to visit and see job details.

Answer 3

You need Project-based Matrix Authorization Strategy in Global Configuration, and on the Job Configuration, use Enable Project-based Security.

It's all explained here
Standard Security Explained

Answer 4

I just found the ownership based security method for doing per-job and per-node permissions. Not applicable in all situations but sometimes very useful - like when other teams are running few jobs on your team's instance.

Answer 5

You can use matrix-based security to achieve this.