
Available in Nexus Repository OSS and Nexus Repository Pro

Privileges control access to specific functionality of the repository manager and can be grouped as a role and assigned to specific users.

To access Privileges go to Security in the Administration menu, where it’s listed as a sub-section. An extensive list of privileges is already built into the repository manager and is partially depicted in Figure 6.2, “Partial List of Security Privileges”. This feature allows you to inspect existing privileges and create custom privileges.

Figure 6.2. Partial List of Security Privileges

The list of privileges displays an icon for the privilege Type as the first column, followed by:

Name

the internal identifier for the privilege

Description

a human readable description of the purpose of the privilege

Type

the aspect of the repository manager to which this privilege applies

Permission

the internal permission definition as used by the embedded security framework

Further details are available in the detail view after clicking a specific row.

Click the Create privilege button to view a list of privilege types, as seen in Figure 6.3, “Choosing Privilege Types”.

Figure 6.3. Choosing Privilege Types

Select the type corresponding to the area of the repository manager for which you wish to grant permissions. When you create a new Privilege Type you must assign at least one action in the Actions field.

The Privilege Types are as follows:

Application

These are privileges related to a specific domain in the repository manager

Repository Admin

These are privileges related to the administration and configuration of a specific repository

Repository Content Selector

These are privileges attributed to filtered content within a format, evaluated against a content selector

Repository View

These are privileges controlling access to the content of a specific repository

Script

These are privileges related to the execution and management of scripts as documented in REST and Integration API

Wildcard

These are privileges that use patterns to group other privileges

Actions

Actions are functions that define the explicit behavior a privilege can perform with the associated function.

The Actions to choose from are add, browse, create, delete, edit, read, update, and *. You can assign a single action or a comma-delimited combination of actions when creating new privileges. The privilege type to which you apply any of these Actions will perform the action’s implied behavior. Consider how each action behaves when applied to a privilege type:

add

This action allows privileges to add repositories or scripts.

browse

This action allows privileges to view the contents of associated repositories. Unlike read, privilege types with browse can only view and administrate repository contents from the UI.

create

This action allows privileges to create applicable configurations within the repository manager. Since a read permission is required to view a configuration, this action is associated with most existing create privileges.

delete

This action allows privileges to delete repository manager configurations, repository contents, and scripts. A read action is generally associated with delete actions so the actor can view these configurations to remove them.

edit

This action allows privileges to modify associated scripts, repository content, and repository administration.

read

This action allows privileges to view various configuration lists and scripts. Without read, any associated action will permit a privilege to see these lists but not their contents. The read action also allows privileges to utilize tools that can look at content from the command line.

update

This action allows privileges to update repository manager configurations. Most existing privileges with update include read actions. Therefore, if creating custom privileges with update, the actor should consider adding read to the privilege in order to view repository manager configuration updates.

*

This action is a wildcard giving you the ability to group all actions together.
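The action semantics above can be checked mechanically before a custom privilege is created. The following is an added example, not code from the repository manager or its documentation: it lints the comma-delimited Actions value of privilege definitions against the rules this section states. The record layout (`name`, `type`, `actions`) and the sample privileges are constructed for illustration and are not a Nexus export format.

```python
# Added example: lint the Actions field of custom privilege definitions.
# The dict layout and SAMPLE entries are hypothetical, constructed for this check.

VALID_ACTIONS = {"add", "browse", "create", "delete", "edit", "read", "update", "*"}
# Actions this section describes as normally paired with read.
NEEDS_READ = {"create", "delete", "update"}


def parse_actions(field):
    """Split a comma-delimited Actions value into lowercase action names."""
    return [a.strip().lower() for a in field.split(",") if a.strip()]


def lint_privilege(priv):
    """Return a list of findings for one privilege definition."""
    actions = parse_actions(priv.get("actions", ""))
    if not actions:
        return ["no action assigned (at least one is required)"]
    findings = []
    unknown = sorted(set(actions) - VALID_ACTIONS)
    if unknown:
        findings.append("unknown action(s): " + ", ".join(unknown))
    if "*" in actions:
        # The wildcard groups all actions, so the pairing checks below are moot.
        findings.append("wildcard '*' grants every action")
        return findings
    if "read" not in actions:
        unpaired = sorted(NEEDS_READ & set(actions))
        if unpaired:
            findings.append("read missing alongside: " + ", ".join(unpaired))
        if "browse" in actions:
            findings.append("browse without read: UI access only")
    return findings


def lint_all(privs):
    """Map privilege name -> findings, omitting privileges with none."""
    results = {p["name"]: lint_privilege(p) for p in privs}
    return {name: f for name, f in results.items() if f}


SAMPLE = [  # constructed definitions, not taken from a real instance
    {"name": "ldap-read-only", "type": "Application", "actions": "read"},
    {"name": "repo-admin-all", "type": "Repository Admin", "actions": "*"},
    {"name": "cfg-updater", "type": "Application", "actions": "update, delete"},
    {"name": "typo-priv", "type": "Repository View", "actions": "browse,reed"},
    {"name": "empty", "type": "Script", "actions": " "},
]

if __name__ == "__main__":
    for name, findings in lint_all(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```
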

To save a new custom privilege click the Create privilege button. The privilege can be found listed among the default privileges on the main Privileges screen. You can use the Filter input box to find a specific privilege.

In the following example, an Application privilege type is created.

Figure 6.4. Creating an Application Privilege

The form provides Name, Description, Domain, and Actions. In Figure 6.4, “Creating an Application Privilege” the form is completed for a privilege that only allows read access to the LDAP administration. If assigned this privilege, a user is able to view LDAP administration configuration but not edit it, create a new LDAP configuration, nor delete any existing LDAP configurations.

In another example, a Repository View privilege type is created.

Figure 6.5. Creating a Repository View Privilege

The form provides Name, Description, Format, Repository, and Actions. In Figure 6.5, “Creating a Repository View Privilege” the form is completed for a privilege granting sufficient access to publish images to a specific hosted repository. A user with this privilege can view and read the contents of the repository as well as publish new images to it, but not delete images.

You can also assign privileges to users, and any assigned role, so they can have read-only access to a specific group repository. By default, these permissions will only allow users to read contents via the assigned group.

Additionally, users cannot access the contents of a group repository via members inside the group unless the member repository is assigned the same privileges as the group.
