Available in Nexus Repository OSS and Nexus Repository Pro
Privileges control access to specific functionality of the repository manager and can be grouped as a role and assigned to specific users.
To access Privileges go to Security in the Administration menu, where it’s listed as a sub-section. An extensive list of privileges is already built into the repository manager and is partially depicted in Figure 6.2, “Partial List of Security Privileges”. This feature allows you to inspect existing privileges and create custom privileges.
Figure 6.2. Partial List of Security Privileges
The list of privileges displays an icon for the privilege Type as the first column, followed by:
the internal identifier for the privilege
a human readable description of the purpose of the privilege
the aspect of the repository manager to which this privilege applies
the internal permission definition as used by the embedded security framework
Further details are available in the detail view after clicking a specific row.
Click the Create privilege button to view a list of privilege types, as seen in Figure 6.3, “Choosing Privilege Types”.
Figure 6.3. Choosing Privilege Types
Select the type corresponding to the area of the repository manager you wish to grant permissions. When you create a new Privilege Type you must assign at least one action in the Actions field.
The Privilege Types are as follows:
These are privileges related to a specific domain in the repository manager
These are privileges related to the administration and configuration of a specific repository
Repository Content Selector
These are privileges attributed to filtered content within a format, evaluated against a content selector
These are privileges controlling access to the content of a specific repository
These are privileges related to the execution and management of scripts as documented in REST and Integration API
These are privileges that use patterns to group other privileges
Actions are functions that define the explicit behavior a privilege can perform with the associated function.
The Actions to choose from are
*. You can assign a single or combination of comma-delimited actions when creating new privileges. The privilege type to which you apply any of these Actions will perform the action’s implied behavior. Consider how each action behaves when applied to a privilege type:
This action allows privileges to add repositories or scripts.
This action allows privileges to view the contents of associated repositories. Unlike read, privilege types with browse can only view and administer repository contents from the UI.
This action allows privileges to create applicable configurations within the repository manager. Since a read permission is required to view a configuration, this action is associated with most existing create privileges.
This action allows privileges to delete repository manager configurations, repository contents, and scripts. A read action is generally associated with delete actions so the actor can view these configurations to remove them.
This action allows privileges to modify associated scripts, repository content, and repository administration.
This action allows privileges to view various configuration lists and scripts. Without read, any associated action will permit a privilege to see these lists but not their contents. The read action also allows privileges to utilize tools that can look at content from the command line.
This action allows privileges to update repository manager configurations. Most existing privileges with update include read actions. Therefore, if creating custom privileges with update, the actor should consider adding read to the privilege in order to view repository manager configuration updates.
This action is a wildcard giving you the ability to group all actions together.
To save a new custom privilege click the Create privilege button. The privilege can be found listed among the default privileges on the main Privileges screen. You can use the Filter input box to find a specific privilege.
In the following example, an Application privilege type is created.
Figure 6.4. Creating an Application Privilege
The form provides Name, Description, Domain, and Actions. In Figure 6.4, “Creating an Application Privilege” the form is completed for a privilege that only allows read access to the LDAP administration. If assigned this privilege, a user is able to view the LDAP administration configuration but cannot edit it, create a new LDAP configuration, or delete any existing LDAP configurations.
In another example, a Repository View privilege type is created.
Figure 6.5. Creating a Repository View Privilege
The form provides Name, Description, Format, Repository, and Actions. In Figure 6.5, “Creating a Repository View Privilege” the form is completed for a privilege granting sufficient access to publish images to a specific hosted repository. A user with this privilege can view and read the contents of the repository as well as publish new images to it, but not delete images.
You can also assign privileges to users, and any assigned role, so they can have read-only access to a specific group repository. By default, these permissions will only allow users to read contents via the assigned group.
Additionally, users cannot access the contents of a group repository via members inside the group unless the member repository is assigned the same privileges as the group.
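The two privilege examples and the group-repository rule above, modeled as an added example (not code from the repository manager). It assumes permission strings of the form nexus:<domain>:<actions> and nexus:repository-view:<format>:<repository>:<actions>, matched with wildcard semantics in the style of Apache Shiro. The repository names and the action list for the publishing privilege are constructed.

```python
# Simplified model of wildcard permission matching (added illustration).
# Assumed layouts: nexus:<domain>:<actions> for Application privileges and
# nexus:repository-view:<format>:<repository>:<actions> for Repository View.

def _parts(permission):
    """'a:b,c:*' -> [{'a'}, {'b', 'c'}, {'*'}]"""
    return [{tok.strip() for tok in part.split(",")} for part in permission.split(":")]


def implies(granted, requested):
    """Return True if the granted permission string covers the requested one."""
    have, want = _parts(granted), _parts(requested)
    for i, wanted in enumerate(want):
        if i >= len(have):
            return True  # a shorter grant implies every remaining part
        if "*" not in have[i] and not wanted <= have[i]:
            return False
    # A longer grant only matches if its extra parts are all wildcards.
    return all("*" in extra for extra in have[len(want):])


def is_permitted(grants, requested):
    return any(implies(g, requested) for g in grants)


# Constructed privileges mirroring the scenarios on this page.
LDAP_READ_ONLY = ["nexus:ldap:read"]
IMAGE_PUBLISHER = ["nexus:repository-view:docker:docker-hosted:browse,read,add,edit"]
GROUP_READER = ["nexus:repository-view:maven2:maven-public:browse,read"]
EVERYTHING = ["nexus:repository-view:*:*:*"]

CHECKS = [
    (LDAP_READ_ONLY, "nexus:ldap:read"),
    (LDAP_READ_ONLY, "nexus:ldap:update"),
    (IMAGE_PUBLISHER, "nexus:repository-view:docker:docker-hosted:add"),
    (IMAGE_PUBLISHER, "nexus:repository-view:docker:docker-hosted:delete"),
    (GROUP_READER, "nexus:repository-view:maven2:maven-public:read"),
    # Member of the group, requested directly: no privilege on it was granted.
    (GROUP_READER, "nexus:repository-view:maven2:maven-central:read"),
    (EVERYTHING, "nexus:repository-view:docker:docker-hosted:delete"),
]

if __name__ == "__main__":
    for grants, request in CHECKS:
        verdict = "ALLOW" if is_permitted(grants, request) else "DENY"
        print(f"{verdict:5}  {request}  (granted: {grants[0]})")
```

The last check shows why a privilege with the * action deserves review before it is added to a role: it covers delete on every repository of every format.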