add bootstrap doc for jenkins-sandbox-access group

Change-Id: I130a20cd6c9aae9a8d8dad6e97fdf3226b82acde
Signed-Off-By: Pono <dtakamori@contractor.linuxfoundation.org>

diff --git a/docs/_static/ciman/sandbox-access-permissions.example b/docs/_static/ciman/sandbox-access-permissions.example
new file mode 100644 (file)
index 0000000..3d9a806
--- /dev/null
+++ b/docs/_static/ciman/sandbox-access-permissions.example
@@ -0,0 +1,10 @@
+* Overall: Read
+* Job: Build
+* Job: Cancel
+* Job: Configure
+* Job: Create
+* Job: Delete
+* Job: Discover
+* Job: Read
+* Job: Workspace
+* View: Read

diff --git a/docs/infra/bootstrap.rst b/docs/infra/bootstrap.rst
index d49e99f..15af159 100644 (file)
--- a/docs/infra/bootstrap.rst
+++ b/docs/infra/bootstrap.rst
@@ -85,6 +85,20 @@ to login to Jenkins.
 
    .. include:: ../_static/ciman/jobbuilder-user-permissions.example
 
+.. _setup-sandbox-access:
+
+Setup Sandbox Access
+--------------------
+
+To allow people access to the Jenkins Sandbox, we require an LDAP group to
+exist with the appropriate people added.  Use :doc:`lftools lfidapi create-group <lftools:commands/lfidapi>`
+to create a group called ``$project-jenkins-sandbox-access`` and add any initial
+members you might need.
+
+#. Go to https://jenkins.example.org/configureSecurity and add the group with:
+
+   .. include:: ../_static/ciman/sandbox-access-permissions.example
+
 .. _infra-bootstrap-ci-management:
 
 ci-management repo