You are viewing a plain text version of this content. The canonical link for it is here.

Posted to builds@apache.org by Stevo Slavić <ss...@gmail.com> on 2015/04/08 12:34:45 UTC

Access rights on Jenkins

Hello Apache Builds community,

Is there a reason that not all committers have immediate right granted to
create build jobs on Jenkins?

It would also be nice if things were automated, so when somebody becomes a
committer, adding her/him to appropriate project committers user group
would be all that needs to be done.

Then Jenkins could be configured also to give all rights to jobs matching
appropriate name.
E.g. grant all rights to "(?i)mahout.*" jobs for all Apache Mahout project
committers.

Currently process is all manual (as covered on
http://wiki.apache.org/general/Jenkins ), and initially committer has very
limited access, can just start build jobs, not even view job configuration.
Viewing build job output I think is accessible to the public.

Kind regards,
Stevo Slavic.

Re: Access rights on Jenkins

Posted by David Nalley <da...@gnsa.us>.

Yes.
As a general principle we try and minimize the access that folks have
in general to external-facing systems.
Jenkins is one of several CI platforms that the ASF makes use of, and
so it doesn't make sense to hand out access needlessly to the ~5000
committers, of which only 543 have requested access to Jenkins, and
only a small fraction of that number have used that access in the last
6 months.
Moreover, we've made this something that projects can manage
themselves (just like they have to manage access to svn/git and other
resources). So a chair could make this part of his karma granting
process to new committers if he/she so desired.

--David

On Wed, Apr 8, 2015 at 6:34 AM, Stevo Slavić <ss...@gmail.com> wrote:
> Hello Apache Builds community,
>
> Is there a reason that not all committers have immediate right granted to
> create build jobs on Jenkins?
>
> It would also be nice if things were automated, so when somebody becomes a
> committer, adding her/him to appropriate project committers user group
> would be all that needs to be done.
>
> Then Jenkins could be configured also to give all rights to jobs matching
> appropriate name.
> E.g. grant all rights to "(?i)mahout.*" jobs for all Apache Mahout project
> committers.
>
> Currently process is all manual (as covered on
> http://wiki.apache.org/general/Jenkins ), and initially committer has very
> limited access, can just start build jobs, not even view job configuration.
> Viewing build job output I think is accessible to the public.
>
> Kind regards,
> Stevo Slavic.