3.2.14. Authorization¶
Buildbot authorization is designed to address the following requirements
Most of the configuration is only data: We avoid to require user to write callbacks for most of the use cases. This to allow to load the config from yaml or json and eventually do a UI for authorization config.
Separation of concerns:
- Mapping users to roles
- Mapping roles to REST endpoints.
Configuration should not need hardcoding endpoint paths.
Easy to extend
3.2.14.1. Use cases¶
- Members of admin group should have access to all resources and actions
- developers can run the “try” builders
- Integrators can run the “merge” builders
- Release team can run the “release” builders
- There are separate teams for different branches or projects, but the roles are identical
- Owners of builds can stop builds or buildrequests
- Secret branch’s builds are hidden from people except explicitly authorized