3.1.16. Authorization

Buildbot authorization is designed to address the following requirements

  • Most of the configuration is only data: We avoid to require user to write callbacks for most of the use cases. This to allow to load the config from yaml or json and eventually do a UI for authorization config.

  • Separation of concerns:

    • Mapping users to roles
    • Mapping roles to REST endpoints.
  • Configuration should not need hardcoding endpoint paths.

  • Easy to extend

3.1.16.1. Use cases

  • Members of admin group should have access to all resources and actions
  • developers can run the "try" builders
  • Integrators can run the "merge" builders
  • Release team can run the "release" builders
  • There are separate teams for different branches or projects, but the roles are identic
  • Owners of builds can stop builds or buildrequests
  • Secret branch's builds are hidden from people except explicitly authorized