I am creating a bamboo plan that will create an artifact. I want any logged in user to be able to manually start the plan, but I only want specific named users to be allowed to download the artifacts. How can I do this?
I am using config as code written in Java for bamboo v9.2.4.
Current Plan creation:
return new Plan(
ProjectFactory.Get(),
"test",
new BambooKey("TEST"))
.pluginConfigurations(new ConcurrentBuilds())
.stages(new Stage("Default Stage")
.jobs(new Job("Default Job",
new BambooKey("JOB1"))
.artifacts(new Artifact()
.name("artifact.txt")
.copyPatterns("artifact.txt")
.required(true))
.tasks(new ScriptTask()
.description("create file")
.inlineBody("echo hello >> artifact.txt"))))
.planBranchManagement(new PlanBranchManagement()
.delete(new BranchCleanup())
.notificationForCommitters());
To set up permissions in Bamboo for manual plan execution by any logged user, but restrict artifact downloads to specific users, you will need to work with both plan permissions and global permissions settings. Bamboo, unfortunately, does not provide a straightforward way to restrict artifact downloads at the user level through its UI or API directly within a plan configuration. However, you can manage this by setting up permissions carefully around your plan and artifacts.
Given your scenario and the use of Bamboo Java specs (configuration as code), here's an approach you might consider, with an emphasis on the conceptual steps since direct artifact download permissions require manual intervention:
For allowing any logged-in user to manually start the plan, ensure that your Bamboo global permissions are set to allow logged-in users to execute plans. This can usually be achieved through the Bamboo UI under Bamboo Administration > Security > Global permissions. There isn't a direct method in Bamboo Specs to modify global permissions, as these settings are outside the scope of what Bamboo Specs are designed to manage. They are more focused on project and plan configuration rather than global security settings.
Bamboo does not offer fine-grained control over artifact downloads via its permissions model directly. However, here are some strategies to control access:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.