User rights in Hudson - what I really need

Submitted by John Ferguson Smart on Wed, 2008/02/27 - 6:39pm

Ads by DZone

When Hudson first came out, it had only the most basic user authentication schema. Administrators could do everything, and everyone else could only sit and watch.

Well Hudson has come along way since those days, and in the more recent versions, we are starting to see an interest role-based authentication schema. As well as using Hudson's own built-in user database, you also can delegate authentification to the servlet container (say, Tomcat) or to an LDAP server. And, using a recently-introduced feature called "Matrix-based security", you can basically configure which users have what permissions in a big table. You can define permissions either for individual users, or for groups (or roles).

This is cool, but actually, what I really need sometimes is per-project (or per-job) user rights. For example, a developer should be able to force a build on the integration server, but only QA staff (or the project manager, or whoever) should be able to trigger off a build that deploys a new version onto the QA server.

Some of the commercial CI tools do this nicely. TeamCity comes to mind, as does (I think) Bamboo. Maybe Hudson will let you do this in next week's release ;-).

By the way, Hudson is currently leading in the 2008 CI Servers poll, followed by CruiseControl and TeamCity.

Attachment	Size
hudson-rights.jpg	23.53 KB

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Comments

Ronald Miura replied on Wed, 2008/02/27 - 8:02pm

What I really need is Hudson to stay easy and simple. This is the one great advantage it has over the other all-powerful CI servers. Drop it in a web container, and start registering your projects right away, instead of doing boring configuration.