3.3.13. Authorization

Buildbot authorization is designed to address the following requirements:

Most of the configuration is only data: We avoid to require from the user to write callbacks for most of the use cases. This is to allow to load the config from yaml or json, and eventually do a UI for authorization config.

Separation of concerns:

Mapping users to roles

Mapping roles to REST endpoints

Configuration should not need hardcoding endpoint paths

Easy to extend

3.3.13.1. Use cases

Members of admin group should have access to all resources and actions
Developers can run the “try” builders
Integrators can run the “merge” builders
Release team can run the “release” builders
There are separate teams for different branches or projects, but the roles are identical
Owners of builds can stop builds or buildrequests
Secret branch’s builds are hidden from people except explicitly authorized