How to give user access for parameters in Jenkins basused on user role in Role-based Authorization Strategy plugin

AhmedGHamdy · August 1, 2023, 2:56pm

I want to give user access for parameters in Jenkins basused on user role.

so I am using Role-based Authorization Strategy and Active Choices parameter plugins and trying to do this and I successfully gave user access for parameters based on user name but not based on user roles.

I want to do the same based on user roles.

import jenkins.model.Jenkins 
import hudson.model.User  

// Get the current user 
User currentUser = User.current()  

// Get the username of the current user 
String currentUsername = currentUser != null ? currentUser.fullName : null 

// Define the available environments based on usernames 
def envChoices = []  

if (currentUsername == "DevUser1") {
 envChoices += "DEV" 
}  
if (currentUsername == "QAUser1") {
 envChoices += "QA" 
}  
// Check if the user has the role "admin" to list all parameters (DEV, QA, PROD) if (currentUsername == "Admin") { envChoices += ["DEV", "QA", "PROD"]
 }  

return envChoices

Also how to list user roles in Jenkins groovy script console does Role-based Authorization Strategy plugin have variables? I could not find it.

mawinter69 · August 1, 2023, 4:18pm

You can call the methods of the REST api within your groovy script.
The method doGetRole is what you need here probably.

Jenkins jenkins = Jenkins.get()
rbas = jenkins.getAuthorizationStrategy()
json = rbas.doGetRole("globalRoles", "admin")
def slurper = new JsonSlurper()
def result = slurper.parseText(json)
...

There is no method available that lists all roles a user belongs to.

You would also need to check if any of the groups a user belongs is in the admin role to be 100% correct.
currentUser.getAuthorities() gives you the list of groups the user belongs to.

George · October 17, 2023, 5:25pm

Using getAuthorities seems to be the correct method, however I can not get list of roles using this approach for a user without admin rights.

The idea being how can I determine a role for a current user without admin rights?

It works when you give admin permissions. However this defeats the purpose of make script choices for a user based on there role?

Is there another way to obtain a current users role that does not have admin permissions?

mawinter69 · October 26, 2023, 3:47pm

latest version of rolestategy plugin has 2 steps for pipeline jobs that allow to fetch the roles of the user that started the build. See Role-based Authorization Strategy

Topic		Replies	Views
How to provide an user overall admin access using groovy script? Using Jenkins	4	1154	May 10, 2022
Restrict credentials access using credentials domains in Jenkins Using Jenkins question	2	283	March 13, 2024
How do i remove specific permissions for a user in Jenkins using groovy script? Ask a question	4	990	June 20, 2022
Jenkins Helm chart values for role based authorization strategy Ask a question	3	1020	April 19, 2024
Migration of authorizations into Role-based Authorization Ask a question question	1	575	January 11, 2023

How to give user access for parameters in Jenkins basused on user role in Role-based Authorization Strategy plugin

Related Topics