Access overview

The system manages users in its database. You control the privileges of users through the groups you assign them to. You assign privileges to groups, and then make each user a member of appropriate groups.

This is a role-based system: a group represents a role that a user can have in your organization. Roles have privileges. A user's privileges are the sum of the privileges of all the groups the user belongs to. You cannot assign privileges to individual users directly, only to groups.

The system also uses access groups for notification. When you configure the system to send notification messages, the target of the messages must be an access group. See Setting up notification.

Security privileges, or permissions, define what a group can do and see. They act as a filter on what the group's members see of the system. For example, a user who is a member of the Guest group (and no other groups) sees only Projects that have the Guest group assigned as their Access property. That user can only launch projects with Guest access. If the user were also a member of the Developer group, that user would see all the projects whose Access properties were either Guest or Developer.
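The Guest and Developer case above, worked through as an added example (this is not product code or the product's API). It models effective permissions as the union over a user's groups and filters projects by their Access property. The permission names, the user `alice`, the `Release` group and the project names are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Project:
    name: str
    access: str  # the one access group set as the project's Access property


@dataclass
class AccessModel:
    # Permission names used with this model are hypothetical, not product identifiers.
    group_permissions: dict = field(default_factory=dict)  # group -> set of permissions
    user_groups: dict = field(default_factory=dict)        # user -> set of groups

    def define_group(self, group: str, permissions: set) -> None:
        self.group_permissions[group] = set(permissions)

    def add_member(self, user: str, group: str) -> None:
        # Privileges are never attached to a user, only reached through a group.
        if group not in self.group_permissions:
            raise KeyError(f"unknown access group: {group}")
        self.user_groups.setdefault(user, set()).add(group)

    def effective_permissions(self, user: str) -> set:
        # Union of the permissions of every group the user belongs to.
        perms = set()
        for group in self.user_groups.get(user, ()):
            perms |= self.group_permissions[group]
        return perms

    def visible_projects(self, user: str, projects: list) -> list:
        # A project is shown only if its Access group is one of the user's groups.
        groups = self.user_groups.get(user, set())
        return [p.name for p in projects if p.access in groups]


def build_sample() -> AccessModel:
    model = AccessModel()
    model.define_group("Guest", {"view_projects"})
    model.define_group("Developer", {"view_projects", "run_builds", "edit_projects"})
    model.add_member("alice", "Guest")  # constructed user
    return model


# Constructed sample projects; "Release" is a made-up group that nobody is a member of.
PROJECTS = [
    Project("docs-site", "Guest"),
    Project("core-build", "Developer"),
    Project("prod-release", "Release"),
]
```

A user with no group memberships gets an empty permission set and an empty project list, so the model denies by default.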

Note: You can use an existing LDAP database instead of the database for user authentication. When you use LDAP, instead of defining users in the system, you allow some or all of the users from your LDAP database to access the system. You can also map access groups to LDAP groups. For details about setting up LDAP, see About LDAP integration.

The activities and resources that you can control with access groups are Permissions, Servers, Projects, Steps, and Access Groups.

This flexible model allows you to securely give one privilege (such as the ability to run builds) to some types of users, while withholding others (such as the right to edit projects or use certain servers).

