Adds a new role-based strategy to manage users' permissions.

{jenkins-plugin-info:pluginId=role-strategy}

About this plugin

This plugin adds a new role-based strategy to ease and fasten users management. This strategy allows:

Table of contents

User guide

Getting started

Using the plugin is fairly simple:

  1. Activate the Role-Based Strategy by using the standard Manage Jenkins > Configure System screen:
  2. Define and assign roles by using the Manages Roles item which appears in the Manage Jenkins screen:

    You then get following options:
    #* Manage Roles is the place where to set up roles:

    There's nothing much to say here, this is self-explanatory. The only tricky field is the Pattern one. This field consists in a regular expression aimed at matching the full name (including the folder name, if you're using Cloudbees Folders Plugin) of the jobs which the role will apply to. For example, if you set the field to "Roger-.*", then the role will match all jobs which name starts with "Roger-". Note that the pattern is case-sensitive. To perform a case-insensitive match, use (?i) notation: upper, "Roger-.*" vs. lower, "roger-.*" vs. case-insensitive, "(?i)roger-.*". If you have a nested folder structure where you want to provide the particular access to the second folder (or deeper), consider having a two-level security structure as well (Say you want to provide exclusive write/ modify type access to foo/bar and not everything else under "foo": First, assign that user/ group to read/ discover permissions with pattern " ^foo.* ", then assign that same user/ group to the more particular permissions with pattern " ^foo/bar.* " - Similar to what you'd do in a Unix/ Linux environment.
  1. #* Assign Roles is the place where to assign the defined roles to users:

Global Roles vs. Project Roles

It should be noted that the Global Roles override anything you specify in the Project Roles. That is, when you give a role the right to Job-Read in the Global Roles, then this role is allowed to read all Jobs, no matter what you specify in the Project Roles.

It may therefore be advisable to leave most (all) options unchecked in Job, Run and SCM in the Global Roles section for normal users.

Built-in Roles

There are two built-in roles:

*Anonymous* — Users who have not logged in

authenticated — Logged in users

Macros support (since 2.1.0)

Macros allow to extend analysis of user's access rights (see @RoleMacroExtension). If user's sid meets criteria in Roles and Assignments, then analysis will be propagated to extension, which makes decisions according to instance and parameters.

Available macros

You can get list of available macros and theirs descriptions at the JENKINS_URL/role-strategy/list-macros page. At the current state, plugin has minimal set of available macros, but they can be added by extensions from plugins.

Known macros:

Macro usage

Macros can be used in the following fields:

Macro string examples:

External add-ons

The management interface becomes difficult to use with a large number of users and/or roles. Several Greasemonkey userscripts exist to make the UI easier to use (Jira issue):

Jenkins Role Strategy UI enhancer
This userscript adds a tooltip to the checkboxes indicating the row (e.g. user name) and column (e.g. permission).

Jenkins Role Strategy Role Management Enhancer and Jenkins Role Strategy Role Assignment Enhancer
These userscripts rotate the text in the column title cells on the Role Strategy configuration pages by 90 degrees so they use less horizontal space. Additionally, the first (header) column is repeated at the end of the table.

Version history

Version 2.10 (Feb 11, 2019)

Internal changes:

Version 2.9.0 (Aug 27, 2018)

Version 2.8.2 (Aug 07, 2018)

Version 2.8.1 (May 25, 2018)

Version 2.8.0 (May 16, 2018)

Version 2.7.0 (Feb 06, 2018)

Version 2.6.1 (Oct 04, 2017)

Version 2.6.0 (Aug 28, 2017)

Version 2.5.1 (July 10, 2017)

Version 2.5.0 (Jun 02, 2017)

Version 2.4.0 (Apr 10, 2017)

This change is a part of the Security release in Jenkins.


After the update the dangerous permissions will be disabled, hence some Jenkins instances may require reconfiguration if they rely on dangerous configurations (e.g. RUN_SCRIPTS without ADMINISTER)


Version 2.3.2 (06/13/2016)

2.3.1 is skipped due to the typo in the property name

Version 2.3.0 (06/07/2016)

There are performance regressions reported to this version. Upgrade only after testing

Version 2.2.0 (06/29/2014)

Version 2.1.0 (07/20/2013)

Version 1.1.3 (07/10/2013)

Version 1.1.2 (10/14/2011)

Version 1.1.1 (09/19/2011)

Version 1.1 (06/08/2011)

Version 1.0 (09/20/2010)

Save