BuildForge Help

Security Overview

The system manages users in its database, and allows you to control the privileges of users (through the groups you assign them to). You assign privileges to groups, then make each user a member of appropriate groups.

This is a role-based system: each group represents a role a user can have in your organization, and roles have privileges. A user's privileges are the sum of the groups the user belongs to. You cannot assign privileges to individual users directly, only to groups.

The system also uses access groups for notification. When you ask the system to send notification messages, the target of the messages must be an access group. See Setting Up Notification for more information.

Security privileges, or permissions, define what a group can do and/or see. They can serve as a filter on the group's experience of the system. For example, a user who is a member of the Guest group (and no other groups) sees only Projects which have the Guest group assigned as their Access property. That user can only launch projects with Guest access. If the user was also a member of the Developer group, he would see all the projects whose Access properties were either Guest or Developer.

Note: You can use an existing LDAP database for user authentication, instead of the database. When you do this, instead of defining users in the system, you allow some or all of the users from your LDAP database to access the system. You can also map access groups to LDAP groups. For details on setting up LDAP, see LDAP and Active Directory Integration.

The activities and resources that you can control with access groups are Permissions, Servers, Projects, Steps, and Access Groups.

This flexible model allows you to securely give one privilege (such as the ability to run builds) to some types of users, while restricting others (such as the right to edit projects or use certain servers).