I'm trying to disable Anonymous access to our Jenkins installation, but still allow Codebase Git to perform post-receive hooks to post to Jenkins, to allow it to trigger a build.
We're using Matrix-based security, and have allowed only the following permissions for Anonymous users:
- Overall > Read
- Job > Read
- Job > Build
These are the minimum I have to activate in order to get Codebase posting the URL, otherwise I get access denied errors from Jenkins, the problem is, it allows anonymous users to browse our projects?
Is there a way to obscure this? I think it's really stupid that Jenkins needs Overall > Read access to allow the Job > Build permission to work.
Best Answer
This is how we do:
You can make a new user called github for an example and give it the same three permissions, then when you link to the build url you include the username and password in the url, like:
This way you do not allow anonymous user access your Jenkins instance.