Allow "non-privileged" users to "administer" a Build Plan?

Does anyone have the usecase where an external entity (to the build team) has a need to modify a build plan that they take "ownership" of, and that they're granted that access?

For example, I have the normal build team that manages Build plans within Bamboo.  Dev Team A would like to manage their own plan (and I'm not that averse to it, at least in theory).  However, my fear is that a poorly written plan task could cause a lot of damage to the Bamboo server itself (like a "script" that runs "rm -fr /" accidentally).  Normally, Bamboo runs as a particular server process (by default, "bamboo").  Which means that any build plan normally runs as that user, too (since it inherits the process owner).  I can "sandbox" away that plan to only run on, say, an external agent, but that's configured via the Plan, which means that the Dev Team A could change that (inadvertently, of course) back to the primary build server.

At any rate, is there a good solution to this usecase that I'm not thinking of?  Does anyone else let external users (to the build team) manage/edit their "own" Build Plans? There's a corollary question about deployment plans, too.

2 answers

1 accepted

This widget could not be displayed.

Jon

In Atlassian every developer can create/modify plans. We believe that people are responsible and good by nature and are not willing to do any harm to company nor its servers smile

But seriously:

  • we do not run local agents to avoid any performance impact on the server
  • we mostly run Amazon EC2 agents which can be simply recreated when something goes wrong
  • remote agents running on company servers can be automatically recreated (vagrant/puppet etc)

If your environment / build process requires additional level of security / permissions then maybe it could be possible to setup separate Bamboo instances for Dev team and Build team. The latter will be running under more restrictive permissions.

 

Hope this helps  

My personal favorite (as I've done it): rm -fr ${soem_var}/${otehr_var} where $some_var and $other_var is what I really wanted to write...

This widget could not be displayed.

Hello Jon,

Thank you for your question.

Currently, Bamboo does not provide the option to only view the Plan configuration. Either you have access to it or not. Due to that, there is an improvement request created that I would like to share with you:

https://jira.atlassian.com/browse/BAM-15363

I would suggest adding any comments to the issue above as well as voting on the issue to create it's popularity and likelihood of being implemented in a future release.

For more information on how Atlassian implements new features and improvements please see the following document:

If you find this answer useful, I would kindly ask you to accept it so the same will be visible to others who might be facing the same issue you have inquired.

Thank you for your understanding.

Kind regards,
Rafael P. Sperafico
Atlassian Support

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

215 views 3 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you