3.3.13. Authorization

Buildbot authorization is designed to address the following requirements:

• Most of the configuration is only data: We avoid to require from the user to write callbacks for most of the use cases. This is to allow to load the config from yaml or json, and eventually do a UI for authorization config.

• Separation of concerns:

  • Mapping users to roles

  • Mapping roles to REST endpoints

• Configuration should not need hardcoding endpoint paths

• Easy to extend

3.3.13.1. Use cases

• Members of admin group should have access to all resources and actions

• Developers can run the “try” builders

• Integrators can run the “merge” builders

• Release team can run the “release” builders

• There are separate teams for different branches or projects, but the roles are identical

• Owners of builds can stop builds or buildrequests

• Secret branch’s builds are hidden from people except explicitly authorized