Allow "non-privileged" users to "administer" a Build Plan?

Does anyone have the usecase where an external entity (to the build team) has a need to modify a build plan that they take "ownership" of, and that they're granted that access?

For example, I have the normal build team that manages Build plans within Bamboo.  Dev Team A would like to manage their own plan (and I'm not that averse to it, at least in theory).  However, my fear is that a poorly written plan task could cause a lot of damage to the Bamboo server itself (like a "script" that runs "rm -fr /" accidentally).  Normally, Bamboo runs as a particular server process (by default, "bamboo").  Which means that any build plan normally runs as that user, too (since it inherits the process owner).  I can "sandbox" away that plan to only run on, say, an external agent, but that's configured via the Plan, which means that the Dev Team A could change that (inadvertently, of course) back to the primary build server.

At any rate, is there a good solution to this usecase that I'm not thinking of?  Does anyone else let external users (to the build team) manage/edit their "own" Build Plans? There's a corollary question about deployment plans, too.

2 answers

1 accepted

0 vote

Jon

In Atlassian every developer can create/modify plans. We believe that people are responsible and good by nature and are not willing to do any harm to company nor its servers smile

But seriously:

  • we do not run local agents to avoid any performance impact on the server
  • we mostly run Amazon EC2 agents which can be simply recreated when something goes wrong
  • remote agents running on company servers can be automatically recreated (vagrant/puppet etc)

If your environment / build process requires additional level of security / permissions then maybe it could be possible to setup separate Bamboo instances for Dev team and Build team. The latter will be running under more restrictive permissions.

 

Hope this helps  

My personal favorite (as I've done it): rm -fr ${soem_var}/${otehr_var} where $some_var and $other_var is what I really wanted to write...

0 vote

Hello Jon,

Thank you for your question.

Currently, Bamboo does not provide the option to only view the Plan configuration. Either you have access to it or not. Due to that, there is an improvement request created that I would like to share with you:

https://jira.atlassian.com/browse/BAM-15363

I would suggest adding any comments to the issue above as well as voting on the issue to create it's popularity and likelihood of being implemented in a future release.

For more information on how Atlassian implements new features and improvements please see the following document:

If you find this answer useful, I would kindly ask you to accept it so the same will be visible to others who might be facing the same issue you have inquired.

Thank you for your understanding.

Kind regards,
Rafael P. Sperafico
Atlassian Support

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published May 18, 2017 in Bamboo

FAQ: How to Upgrade Bamboo Server

Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...

1,586 views 0 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you