Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Hudson-ci/features/Team Concept"
(Added Legend of capabilities in the matrix) |
(Converted legend to table for readability) |
||
Line 105: | Line 105: | ||
|} | |} | ||
− | '''Legend:''' | + | '''Legend:'''<br> |
− | + | {| width="700" border="1" cellpadding="1" cellspacing="1" | |
− | + | |- | |
− | + | | Y | |
− | + | | All teams | |
+ | |- | ||
+ | | - | ||
+ | | Not allowed | ||
+ | |- | ||
+ | | Team | ||
+ | | Only within the same team | ||
+ | |- | ||
+ | | <Team> | ||
+ | | Only within the same team if capability granted by system or team admin | ||
+ | |- | ||
+ | | Self-created | ||
+ | | Only if created by that team member | ||
+ | |} | ||
== Additional Requirements == | == Additional Requirements == |
Revision as of 13:47, 20 May 2013
The idea is to implement the concept of team so that several authentication and authorization can be assigned to that team. This helps multiple software project teams can use a single Hudson, but each team won't mess with other teams jobs
The tasks are
Implement the concept of System admin and team admin
- System admin are responsible for
- Setting up team and adding a team admin
- Hudson wide Authentication
- Other higher level administration like installing plugin
- Assign public jobs (with no associated teams) to specific teams
- Every hudson will have at least System admin
- Team admin has less power
- Every team will have at least one team admin
- Add and remove team members
- Authorize user permission such as which member can edit job, delete job etc
- Team member
- Can create and configure job if team admin admits
- Can set a job as public so that other teams can see it
- Can delete any job if team admin admits or only delete the self created job
- Can delete any job builds if team admin admits or only delete the self created job builds
- Can run any team job and public job
- Implement Permisson Scheme
- System Admin Permission
- Team Admin Permission
- Team Member Permission
- Implement the concept of Groups
- group can have any user as member
- Any group can be assigned with certain permission
- (Ex. system-admin group can be assigned with System Admin permission )
- Implement the concept of job permission
- Global jobs - any one can view
- Team jobs
- Only team members can view team private jobs
- Only certain team members can manually run
- Only certain team members can edit configuration
- Only certain team members can delete job
- Only certain team members can delete job build
- Implement project view based on team authorization
- Particular team can only view their jobs and any public jobs
- Anonymous users can view jobs only allowed to view as public
Capabilities
Capability | System Admin | Team Admin | Team Member |
Create system admin | Y | - | - |
Create team admin | Y | Team | - |
Create team member | Y | Team | - |
See team job | Y | Team | Team |
Create team job | Y | Team | <Team> |
Delete team job | Y | Team | Self-created or <Team> |
Configure team job | Y | Team | Self-created or <Team> |
Run team job | Y | Team | Self-created or <Team> |
Set team job public | Y | Team | <Team> |
Legend:
Y | All teams |
- | Not allowed |
Team | Only within the same team |
<Team> | Only within the same team if capability granted by system or team admin |
Self-created | Only if created by that team member |
Additional Requirements
- Multiple teams must be able to use same name for a job.
- Jobs must be saved in team specific folders
- Build History should show only the jobs accessible to the current user
- The people dashboard should display only the team members of the current user
- Build executor status must display jobs of the current user team