Re: [eclipse.org-committers] SSH Auth Bot and your account security

["David M Williams" <david_williams@xxxxxxxxxx>]

> From: Marc Khouzam <marc.khouzam@xxxxxxxxxxxx>
> ...
> I like the idea of trying HIPP to do that.  But
then the question of
> security comes in.  How do I limit the number of people that
are 
> allowed to run that job?  When I create a new job on the CDT
HIPP it
> seems all committers can run it by default. It is not that I don't
> trust other committers, but I prefer to reduce the risk of mistakes
> and only give permissions to people doing the releng stuff.

While there may be other solutions in the future,
I think even now you could use 
"Job-based Matrix Authorization
Strategy ". Then for each "job"
you can (must) 
specify who can do what. And there are several ways
to specify "who": 
a. committer mail address, b. ROLE_<linux-group>,
c. anonymous.  
For example, you might want only yourself to be able
to "run" or "delete" a job, but
maybe still allow everyone to "read" the log from the job. 
This probably will take a change to your overall "HIPP
Instance", and then changes to 
each of your jobs (from the little I know about your
case). 

For more information than you want, see Chapter 4
of "Hudson book". 
https://www.eclipse.org/hudson/the-hudson-book/book-hudson.chunked/ch04.html#fig-security-authorization-matrix

There might be better sources of information for your
specific questions, but if you want to make changes "now" I suggest
opening a Hudson bug 
and ask for help there. [Unless Denis says otherwise
:) ] 

HTH