Allow "non-privileged" users to "administer" a Build Plan?

Does anyone have the usecase where an external entity (to the build team) has a need to modify a build plan that they take "ownership" of, and that they're granted that access?

For example, I have the normal build team that manages Build plans within Bamboo.  Dev Team A would like to manage their own plan (and I'm not that averse to it, at least in theory).  However, my fear is that a poorly written plan task could cause a lot of damage to the Bamboo server itself (like a "script" that runs "rm -fr /" accidentally).  Normally, Bamboo runs as a particular server process (by default, "bamboo").  Which means that any build plan normally runs as that user, too (since it inherits the process owner).  I can "sandbox" away that plan to only run on, say, an external agent, but that's configured via the Plan, which means that the Dev Team A could change that (inadvertently, of course) back to the primary build server.

At any rate, is there a good solution to this usecase that I'm not thinking of?  Does anyone else let external users (to the build team) manage/edit their "own" Build Plans? There's a corollary question about deployment plans, too.

2 answers

1 accepted

Accepted Answer
0 votes

Jon

In Atlassian every developer can create/modify plans. We believe that people are responsible and good by nature and are not willing to do any harm to company nor its servers smile

But seriously:

  • we do not run local agents to avoid any performance impact on the server
  • we mostly run Amazon EC2 agents which can be simply recreated when something goes wrong
  • remote agents running on company servers can be automatically recreated (vagrant/puppet etc)

If your environment / build process requires additional level of security / permissions then maybe it could be possible to setup separate Bamboo instances for Dev team and Build team. The latter will be running under more restrictive permissions.

 

Hope this helps  

My personal favorite (as I've done it): rm -fr ${soem_var}/${otehr_var} where $some_var and $other_var is what I really wanted to write...

0 votes

Hello Jon,

Thank you for your question.

Currently, Bamboo does not provide the option to only view the Plan configuration. Either you have access to it or not. Due to that, there is an improvement request created that I would like to share with you:

https://jira.atlassian.com/browse/BAM-15363

I would suggest adding any comments to the issue above as well as voting on the issue to create it's popularity and likelihood of being implemented in a future release.

For more information on how Atlassian implements new features and improvements please see the following document:

If you find this answer useful, I would kindly ask you to accept it so the same will be visible to others who might be facing the same issue you have inquired.

Thank you for your understanding.

Kind regards,
Rafael P. Sperafico
Atlassian Support

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Monday in Jira Ops

Jira Ops Early Access Program Update #1: Announcing our next feature and a new integration

Thanks for signing up for Jira Ops! I’m Matt Ryall, leader for the Jira Ops product team at Atlassian. Since this is a brand new product, we’ll be delivering improvements quickly and sharing updates...

488 views 0 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you