On my Jenkins instance I have 2 environments created: 1. DEV and 2. PROD. For authentication I am using Matrix-based security against an Active Directory server (AD groups). This works great for global permissions. But I need to lock down the PROD projects. How can I restrict who can create/execute/modify PROD projects in Jenkins? All PROD project names begin w/ either "PROD -" or "PROD_".
Initially, I thought I could use Groovy to implement an authorization pre-check whenever a PROD project was triggered. But I'm not sure if this is feasible.
Right now, I'm looking into possibly using one of the following plugins:
https://wiki.jenkins.io/display/JENKINS/Job+Restrictions+Plugin https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin
Has anyone had success in restricting certain Jenkins project to certain users (preferably incorporating Active Directory groups)?
