Access Control

Permissions

This feature defines two permissions that can be used to control access to the repository.

Push
This permission controls whether the user can submit a change for a validated merge. This permission is implied by the build permission of the job, meaning those who can trigger a build can submit changes by default.
Pull
This permission controls whether the user can retrieve commits from the gate repository. This permission allows users to retrieve other people’s submissions. This permission is implied by the push permission, meaning those who can push changes into the gate repository will also automatically be able to retrieve changes.

Accessing the gate repository

This feature provides two transports to access the gate repository. One is the smart HTTP protocol, and the other is the SSH protocol.

If your job has the URL http://myjenkins/job/foo/job/bar/, then the Git repository via HTTP is available at http://myjenkins/job/foo/bar/repo.git. If your Jenkins is configured without security, this URL can be used as is. Otherwise log in to Jenkins and visit this page in a web browser to get a personal access URL. That URL allows Git to access the repository under your credentials without sending a password; keep this URL secret.

The SSH access to this same repository is available at ssh://myjenkins:NNNN/foo/bar.git where NNNN is the port number of the Jenkins SSHD service. If your Jenkins is configured with security, you’ll need to register your public key with Jenkins to authenticate the SSH access.

The HTTP protocol access is available all the time, and the SSH access is available if and only if the Jenkins SSHD service is available. The "Git repository for validated merge" UI will by default offer the SSH URL when SSHD is running, falling back to the HTTP URL; but an administrator can override this preference (as well as the SSHD service) in the Jenkins global configuration page.

Pushing to the upstream repository

In many cases the real upstream repository will also have access control and not permit anonymous pushes. To permit Jenkins to push your validated commits (along with associated merge commits) to the upstream repository, click the Advanced button in the job’s configuration page and select Credentials for pushing upstream. This could be a HTTP(S) username and password combination, or an SSH private key. You can also pick <automatic by pushing user> in which case the set of credentials associated with the user pushing to the gate repository will be searched for those matching the upstream URL.