Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Allow "non-privileged" users to "administer" a Build Plan?

jvelapol
jvelapol December 18, 2014

Does anyone have the usecase where an external entity (to the build team) has a need to modify a build plan that they take "ownership" of, and that they're granted that access?

For example, I have the normal build team that manages Build plans within Bamboo.  Dev Team A would like to manage their own plan (and I'm not that averse to it, at least in theory).  However, my fear is that a poorly written plan task could cause a lot of damage to the Bamboo server itself (like a "script" that runs "rm -fr /" accidentally).  Normally, Bamboo runs as a particular server process (by default, "bamboo").  Which means that any build plan normally runs as that user, too (since it inherits the process owner).  I can "sandbox" away that plan to only run on, say, an external agent, but that's configured via the Plan, which means that the Dev Team A could change that (inadvertently, of course) back to the primary build server.

At any rate, is there a good solution to this usecase that I'm not thinking of?  Does anyone else let external users (to the build team) manage/edit their "own" Build Plans? There's a corollary question about deployment plans, too.

Answer
Watch
Like Be the first to like this
360 views

2 answers

1 accepted

0 votes
Answer accepted
Krystian Brazulewicz
Krystian Brazulewicz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 31, 2014

Jon

In Atlassian every developer can create/modify plans. We believe that people are responsible and good by nature and are not willing to do any harm to company nor its servers smile

But seriously:

  • we do not run local agents to avoid any performance impact on the server
  • we mostly run Amazon EC2 agents which can be simply recreated when something goes wrong
  • remote agents running on company servers can be automatically recreated (vagrant/puppet etc)

If your environment / build process requires additional level of security / permissions then maybe it could be possible to setup separate Bamboo instances for Dev team and Build team. The latter will be running under more restrictive permissions.

 

Hope this helps  

View More Comments
jvelapol
jvelapol February 24, 2015

My personal favorite (as I've done it): rm -fr ${soem_var}/${otehr_var} where $some_var and $other_var is what I really wanted to write...

Like
Reply
0 votes
rsperafico
rsperafico
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 19, 2014

Hello Jon,

Thank you for your question.

Currently, Bamboo does not provide the option to only view the Plan configuration. Either you have access to it or not. Due to that, there is an improvement request created that I would like to share with you:

https://jira.atlassian.com/browse/BAM-15363

I would suggest adding any comments to the issue above as well as voting on the issue to create it's popularity and likelihood of being implemented in a future release.

For more information on how Atlassian implements new features and improvements please see the following document:

If you find this answer useful, I would kindly ask you to accept it so the same will be visible to others who might be facing the same issue you have inquired.

Thank you for your understanding.

Kind regards,
Rafael P. Sperafico
Atlassian Support

Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events