Can Hudson be configured to prevent certain users from accessing certain projects?

I have various projects being built and tested periodically on a Hudson server, but I don't want every employee in the company to see published artifacts for every project.

Project-based matrix security seemed at first the key, but after many tests I find that 开发者_StackOverflow社区granting overall read permissions is mandatory if you want users to be able to read anything in the hudson server.

So, in the end read permissions are binary: either you grant global read permission or you block everything, am I right?

Haven't it tested with the newest release, but I use the matrix setup. I gave Anonymous the overall read. This way they can see the login screen when they type {{http://servername:port/}} but does not give them access to the jobs. In the jobs themselves I configured the users that should actually see the job. Works like a charm.

UPDATE: Meanwhile I found out that you can use authenticated instead of Anonymous. This enabled access to Hudson/Jenkins through the links in the Build failed messages. Now everyone gets the logon dialog and after signing in, they are right away at the job run of interest.

After trying to do something similar to you with Hudson's authorization settings, I came to the same conclusion you did.