To add a collaborator to this project you will need to use the Relish gem to add the collaborator via a terminal command. Soon you'll be able to also add collaborators here!More about adding a collaborator
Users and groups can be added to groups
- Create a group of groups
In this example we are giving the
group:employeesrole to groups
This effectively adds groups
employeesgroup. They are
granted all privileges of the
replace: trueoption. This means that if a group named
remove all members and replace with the roles in the members list. Replacing members gives you a
more authoritive answer to the question "who is in this group?", but may not work if you are
referencing global roles in your policy.
# First create the groups - !group employees - !group developers - !group operations # Now grant group employees to groups developers and operations - !grant replace: true role: !group employees members: - !group developers - !group operations
- I show the group "employees"
- group "developers" is a role member
- group "operations" is a role member
- Add an administrator to a group
In this example, a group
ci-admingets an admin grant on the group
ci. This means that
members of the group
ci-admincan add and remove members from the group
ci. In real-world
terms, everyone who uses your Jenkins system may be in the
cigroup. A smaller group of
Jenkins admins are in the
ci-admingroup, and can manage who is in the
Note how group
ci-adminis aliased with the name "admin" in the policy. This is effectively
creating a reference to that group we can use later in the policy. Aliasing policy records makes
policies DRYer and easier to maintain. By using a reference,
!group ci-adminis defined once in the policy
and then later used by reference. Create an alias by declaring a
name prepended with
&. Dereference that record later on in your policy by using the same name prepended
*. Aliasing also allows you to group records together under a single symbolic name.
- !group ci - !group &admin ci-admin - !grant role: !group ci member: !member role: *admin admin: true
- I show the group "ci"
- group "ci-admin" is a role member with admin option
Last published about 4 years ago by Kevin Gilpin.