Friday, February 7, 2025

Create a Jenkins User and Grant the Least Privileges: PoLP


Sample team members for Jenkins

Jenkins users can be allowed to sign in temporarily and create personal (user-scoped) credentials.


Jenkins user created and granted the least privileges (PoLP)

The Principle of Least Privilege (PoLP) means that each Jenkins user holds only the permissions needed for their task, so a compromised or careless account can do correspondingly little damage. Below is a step-by-step guide to creating a Jenkins user and assigning the least privileges with the Role-based Authorization Strategy plugin.

1. Create a New User in Jenkins

  This step applies when Jenkins' own user database is the security realm. With LDAP, SAML or another external realm the account already exists, and you continue with the role assignment below.

  1. Go to Jenkins Dashboard → Manage Jenkins → Users (Manage Users on older Jenkins versions).
  2. Click Create User.
  3. Enter:
    • Username: (e.g., developer01)
    • Password
    • Full Name
    • Email
  4. Click Create User.

2. Install the Role-based Authorization Strategy Plugin

  1. Go to Manage Jenkins → Plugins (Manage Plugins on older versions) → Available plugins.
  2. Search for Role-based Authorization Strategy.
  3. Install the plugin and restart Jenkins.

3. Configure Role-Based Access Control (RBAC)

Step 1: Enable Role-Based Authorization

  1. Go to Manage Jenkins → Security (Configure Global Security on older versions).
  2. Under Authorization, select Role-Based Strategy.
  3. Click Save.

  Do this from an administrator session and keep that session open until a global role with Overall: Administer exists and is assigned to you. If you do lock yourself out, the authorization strategy can be reset by editing $JENKINS_HOME/config.xml and restarting Jenkins.

Step 2: Define a Least-Privilege Role

  1. Navigate to Manage Jenkins → Manage and Assign Roles.
  2. Click on Manage Roles.
  3. Under Global roles, make sure there is a role that grants only Overall: Read (and View: Read), e.g. login. Overall permissions can only be granted in global roles, and without Overall: Read the user cannot sign in at all.
  4. Under Item roles (called Project roles in older plugin versions), add a new role (e.g., developer).
  5. In the Pattern field, enter a regular expression that matches only the jobs this role should reach, e.g. team-a/.* for every job inside the team-a folder. The pattern .* matches every job on the instance, which is rarely least privilege.
  6. Grant the item role only the essential permissions:
    • Job: Read, Build
    • Job: Workspace, only if the team needs to browse build output; workspaces often contain files that builds write, including secrets, so leave it out when in doubt
  7. Leave everything administrative unticked: Overall: Administer, Job: Configure, Create and Delete, all Credentials permissions, all Agent (Node) permissions. The plugin has no deny rule; a permission that is not granted is denied.
  8. Click Save.

Step 3: Assign the Role to the User

  1. Navigate to Manage Jenkins → Manage and Assign Roles → Assign Roles.
  2. Under Global roles, add the username (developer01) and tick the Overall: Read role (e.g. login).
  3. Under Item roles, add the same username and tick the developer role.
  4. Click Save.
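The roles from Step 2 and Step 3, expressed as a Configuration as Code (JCasC) fragment and written by a small provisioning script, so the least-privilege setup is reviewable and reproducible instead of clicked together. This is an added example, not code from the original post or from the plugin's documentation. It assumes the Role-based Authorization Strategy and Configuration as Code plugins are installed and a plugin version that uses the entries key (older releases spelled the assignment list assignments); the folder team-a, the user developer01 and the role name login are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): the global and item roles
# from Step 2 / Step 3 as a Configuration as Code (JCasC) fragment.
# Assumptions: Role-based Authorization Strategy + Configuration as Code
# plugins installed; "team-a", "developer01" and "login" are illustrative.
set -eu

# Overall/Read can only be granted in a *global* role, so the developer gets
# it from a minimal global role; the job permissions live in an *item* role
# whose pattern confines it to the team-a folder (not ".*").
casc_roles_yaml() {
  cat <<'EOF'
jenkins:
  authorizationStrategy:
    roleBased:
      roles:
        global:
          - name: "admin"
            description: "Jenkins administrators"
            permissions:
              - "Overall/Administer"
            entries:
              - user: "admin"
          - name: "login"
            description: "Sign in and read the dashboard, nothing else"
            permissions:
              - "Overall/Read"
            entries:
              - user: "developer01"
        items:
          - name: "developer"
            description: "Inspect and run team-a jobs; no configure/delete"
            pattern: "team-a/.*"
            permissions:
              - "Job/Read"
              - "Job/Build"
              - "Job/Workspace"
            entries:
              - user: "developer01"
EOF
}

# Write the fragment where JCasC looks for it (CASC_JENKINS_CONFIG), or to
# the path given as $1, and print the path written.
write_casc_roles() {
  dest="${1:-${CASC_JENKINS_CONFIG:-/var/jenkins_home/casc_configs}/roles.yaml}"
  mkdir -p "$(dirname "$dest")"
  casc_roles_yaml > "$dest"
  echo "$dest"
}

# Count privileged permissions that leaked into the items: section.
# Must print 0; anything else means the item role is not least privilege.
forbidden_in_item_roles() {
  casc_roles_yaml | sed -n '/^        items:/,$p' \
    | grep -E -c 'Overall/|Job/(Configure|Create|Delete)|Credentials/|Agent/' \
    || true
}

# Only touch the filesystem when JCasC's config directory is configured.
if [ -n "${CASC_JENKINS_CONFIG:-}" ]; then
  write_casc_roles
  [ "$(forbidden_in_item_roles)" -eq 0 ] || { echo "privileged permission in item role" >&2; exit 1; }
fi
```

Keep the fragment in version control next to the rest of the Jenkins configuration; a pull request that widens the pattern to .* or adds Job/Configure to the item role is then visible to a reviewer, and forbidden_in_item_roles can fail the pipeline before the file reaches the server.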

4. Verify the User's Access

  1. Log out from the admin account.
  2. Log in as developer01.
  3. Verify that:
    • The user can see the jobs matched by the role's pattern, and no others.
    • The user can build those jobs but cannot configure or delete them (the Configure and Delete actions are absent, and the job's config.xml URL returns 403).
    • The user cannot open Manage Jenkins or stored credentials.
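The same verification as a script, run with the developer's API token against the REST API, so the least-privilege contract can be re-checked after every plugin upgrade or role change instead of clicking through once. This is an added example, not from the original post. It assumes the hypothetical environment variables JENKINS_URL, JENKINS_USER and JENKINS_TOKEN (an API token, never the password) are exported and that a job named build exists inside the team-a folder; the expected status codes follow from the permissions the developer role was given above.

```shell
#!/bin/sh
# Added example (not from the original post): exercise developer01's access
# over the REST API and compare each status code with what the developer
# role should allow. Assumptions (hypothetical names): JENKINS_URL,
# JENKINS_USER and JENKINS_TOKEN (an API token) are exported, and the job
# "build" exists inside the "team-a" folder.
set -eu

# One PoLP check per line: METHOD PATH EXPECTED_STATUS REASON
polp_checks() {
  cat <<'EOF'
GET /api/json 200 Overall/Read lets the user sign in and list jobs
GET /job/team-a/job/build/api/json 200 Job/Read on a job matched by team-a/.*
POST /job/team-a/job/build/build 201 Job/Build queues a build
GET /job/team-a/job/build/config.xml 403 no Job/Configure (or ExtendedRead): config stays hidden
POST /job/team-a/job/build/doDelete 403 no Job/Delete
GET /manage/ 403 no Overall/Administer, so no system settings
EOF
}

# True when the observed status equals the one the role predicts.
expect_status() { [ "$1" = "$2" ]; }

# Send one request as the developer; print only the HTTP status code.
# Basic auth with an API token is exempt from the CSRF crumb
# (Jenkins 2.176.3 and later), so no crumb request is needed.
status_of() {
  curl -s -o /dev/null -w '%{http_code}' -X "$1" \
    -u "${JENKINS_USER}:${JENKINS_TOKEN}" "${JENKINS_URL%/}$2"
}

# Run every check and print one "ok" / "FAIL" line per request.
run_polp_checks() {
  polp_checks | while read -r method path expected reason; do
    actual="$(status_of "$method" "$path")"
    if expect_status "$expected" "$actual"; then
      printf 'ok   %-4s %-38s %s  %s\n' "$method" "$path" "$actual" "$reason"
    else
      printf 'FAIL %-4s %-38s got %s want %s  %s\n' "$method" "$path" "$actual" "$expected" "$reason"
    fi
  done
}

# Only talk to a server when one is configured; exit non-zero on any FAIL
# so the script can gate a provisioning pipeline.
if [ -n "${JENKINS_URL:-}" ]; then
  report="$(run_polp_checks)"
  echo "$report"
  if echo "$report" | grep -q '^FAIL'; then
    echo "least-privilege check failed" >&2
    exit 1
  fi
fi
```

A 200 on config.xml or a 201 on doDelete after a plugin upgrade is exactly the regression this catches; add a line for any job outside the pattern (expected 404, since Job/Read also controls whether the job is visible) to confirm the pattern still scopes the role.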

5. Apply Additional Security Controls

  • Restrict API Tokens: for scripts and the REST API, users should generate a personal API token (user menu → Configure → API Token) instead of using their password. A token carries the user's full permissions, so treat it as a secret and revoke it when it is no longer needed.
  • Limit Access to Credentials: leave every Credentials permission out of the developer role so users cannot view, create or update stored credentials. Job: Build still lets a user trigger a job that uses the credentials bound to it, so keep the role's pattern limited to jobs whose credentials that team is meant to use.
  • Use Folders for Role Isolation: put each project's jobs in a folder and write the item role's pattern against the folder name (e.g. team-a/.*) so one team's role cannot reach another team's jobs.

Summary: PoLP Implementation in Jenkins

  • Created a new user (developer01).
  • Installed & configured the Role-based Authorization Strategy plugin.
  • Assigned the minimum required privileges to a developer role.
  • Verified the access restrictions.
