hussainarslan / proj-hnr-assignment3


Exploring security implementation in Jenkins #20

Closed ROCKRAJA949 closed 1 year ago

ROCKRAJA949 commented 1 year ago

Jenkins has four security methods to make sure that the administrator of Jenkins can control who gets access to what specific parts of Jenkins. They are as follows:

- Permissions
- Authentication: When a thread runs in Jenkins, it will always have an authentication object attached to it, which represents the user the thread is currently serving.
- ACL (decides whether the authentication object carried by the thread has permission)
- AccessControlled (implemented by an object that owns an ACL)

There are also plugins which do certain things that protect certain web methods. The ways to protect web methods are as follows:

- Identify certain operations in code that can cause a change in the state of the server or disclose private information. These methods should perform checkPermission.
- Identify the nearest AccessControlled objects to check permissions with.
- Identify the Permission object to use.

Jenkins will also change page rendering according to the permissions of the user. If a user doesn't have relevant permissions then certain elements of the page will not load for the user.

Authentication ways:

- Web UI
- REST API (login/password)
- Jenkins CLI jar
- CLI over SSH
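
The web-method steps listed in the comment above, as an added example that is not part of the original comment or of this repository: a plugin `Action` that checks permission before changing state and hides its link when the user lacks read access. The class `JobNoteAction`, its `note` field, the `doUpdate` method and the icon name are hypothetical; it assumes Jenkins core and Stapler are on the classpath.

```java
import hudson.model.Action;
import hudson.model.Item;
import hudson.model.Job;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

/** Hypothetical action attached to a job; stores a free-text note. */
public class JobNoteAction implements Action {

    // Nearest AccessControlled object: the job this action belongs to.
    // Its ACL decides, using the Authentication bound to the current
    // thread, whether a given Permission is granted.
    private final Job<?, ?> job;
    private volatile String note = "";

    public JobNoteAction(Job<?, ?> job) {
        this.job = job;
    }

    // Page rendering follows permissions: returning null hides the
    // sidebar link from users who cannot read the job.
    @Override
    public String getIconFileName() {
        return job.hasPermission(Item.READ) ? "notepad.png" : null; // placeholder icon
    }

    @Override
    public String getDisplayName() {
        return "Note";
    }

    @Override
    public String getUrlName() {
        return "note";
    }

    // State-changing web method: POST only, and the permission check
    // runs first. checkPermission throws if the current user lacks
    // Item.CONFIGURE on this job, so the assignment is never reached.
    @POST
    public HttpResponse doUpdate(@QueryParameter String text) {
        job.checkPermission(Item.CONFIGURE);
        note = (text == null) ? "" : text;
        return HttpResponses.redirectToDot();
    }
}
```

Hiding the link is only presentation; the `checkPermission` call inside `doUpdate` is what enforces access, because the URL can be requested directly through any of the authentication paths listed above.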