Role Permission

Defines the permissions for a role (a group of users).

Version

Available from version 1.5

Examples

Role Definition Example

1<rolePermission name="admin" forceBuild="Allow" startProject="Deny" defaultRight="Inherit">
2  <users>
3    <userName name="johndoe" />
4  </users>
5</rolePermission>

Reference Example

1<rolePermission name="admin" ref="admin" />

Configuration Elements

Element Description Type Required Default Version
changeProject The right to change the configuration of projects. String - one of:
* Allow
* Deny
* Inherit
No Inherit 1.5
defaultRight The default right to use. String - one of:
* Allow
* Deny
* Inherit
No Inherit 1.5
forceBuild The right for force or abort builds. String - one of:
* Allow
* Deny
* Inherit
No Inherit 1.5
modifySecurity The right to modify security. String - one of:
* Allow
* Deny
* Inherit
No Inherit 1.5
ref The identifier of the referenced permission. String No None 1.5
name The name of the role. String Yes n/a 1.5
sendMessage The right to send messages. String - one of:
* Allow
* Deny
* Inherit
No Inherit 1.5
startProject The right to stop and start projects. String - one of:
* Allow
* Deny
* Inherit
No Inherit 1.5
users The users in this role. User Name array No None 1.5
viewConfiguration The right to view configuration and logs. String - one of:
* Allow
* Deny
* Inherit
No Inherit 1.5
viewProject The right to view a project. String - one of:
* Allow
* Deny
* Inherit
No Inherit 1.5
viewSecurity The right to view security. String - one of:
* Allow
* Deny
* Inherit
No Inherit 1.5

Notes

General Security Permissions

The following are the general security permissions:

Element Description Type Required Version
defaultRight This is the permission that will be used if no other permission has been specified. See notes below for how this works. Permission No 1.5.0
forceBuild The force/abort build permission. Permission No 1.5.0
sendMessage The send message permission. Permission No 1.5.0
startProject The start/stop project permission. Permission No 1.5.0
changeProject The permission to change a project, e.g. add/modify/delete. Permission No 1.5.0
viewSecurity The permission to view security information. Permission No 1.5.0
modifySecurity The permission to modify security settings (via a client). Permission No 1.5.0
viewProject The view project permission. Permission No 1.5.0
viewConfiguration The permission to view configuration information. Permission No 1.5.0

Permission

Each permission can be one of the following values:
  • Allow: the permission has been granted
  • Deny: the permission has been disallowed
  • Inherit: The next level of permissions will be checked to see if it is allowed or denied. If the permission has not been set at any other level, then the default permission will be returned.

The default permission for an omitted permission attribute is "Inherit".

Permission Inheritance

Permissions can be set in multiple places, at both server and project level. When checking for a permission, the security manager will start at the project level and check each permission definition to see if it is valid for the user.

When a valid permission is found, it will then see if the specific permission has been set (i.e. not inherit). The specific permission is decided by the action, e.g force or abort build, start or stop a project, etc. If the specific permission is not set, then it will check the default permission. If neither is set, then it will continue on through the permissions until it finds another valid permission. This will continue until all the permissions have been checked, or a permission has been found (e.g. allow or deny).

If no permissions are found at the project level, it will then use the permissions defined at the server level. Again, it will first check for a specific permission, and then the default permission. If no permissions has been found after this, then it will return denied as the permission.

Automatically Generated

Documentation generated on Monday, 26 May 2014 at 7:18:01 AM