> From: Marc Khouzam <marc.khouzam@xxxxxxxxxxxx> > ... > I like the idea of trying HIPP to do that. But
then the question of > security comes in. How do I limit the number of people that
are > allowed to run that job? When I create a new job on the CDT
HIPP it > seems all committers can run it by default. It is not that I don't
> trust other committers, but I prefer to reduce the risk of mistakes
> and only give permissions to people doing the releng stuff.
While there may be other solutions in the future,
I think even now you could use "Job-based Matrix Authorization
Strategy ". Then for each "job"
you can (must) specify who can do what. And there are several ways
to specify "who": a. committer mail address, b. ROLE_<linux-group>,
c. anonymous. For example, you might want only yourself to be able to "run" or "delete" a job, but
maybe still allow everyone to "read" the log from the job. This probably will take a change to your overall "HIPP
Instance", and then changes to each of your jobs (from the little I know about your