Content Selectors

Content selectors give access to specific content or namespace from a repository rather than the entire repository. The content is selected using search expressions written in CSEL (Content Selector Expression Language). CSEL is a light version of JEXL used to script queries along specific paths and coordinates available to your repository manager formats.

Content selectors define what content users are allowed to access. You define a selector name with a search expression to match all components that start with the designated component path.

After creating the content selector, it must be added to a privilege to scope it to a specific repository. This privilege is used to provide access to that namespace for a role, group, or user.

Content Selector > Privilege > Role > Group > User

See Manage Selector Permissions for using content selectors in Privileges.

Content selector best practices

Content selectors are best used for managing write access to team namespaces within a repository.
Content selectors do not revoke access provided by other privileges or selectors. To exclude read and write access to specific content, the best practice is to move the content to a privately hosted repository and limit permissions to that repository.
Group repository permissions will override more specific read permissions for included repositories.
Docker format requires some special considerations when creating content selectors.
See Content Selectors and Docker

Content selectors in highly available deployments

There are variations in how content selectors work depending on the environment. For HA deployments using PostgreSQL, you cannot use regular expressions in content selectors. For non-HA environments, you can use regular expressions in your content selectors.

Review the Content Selector Reference below for examples of HA and non-HA selectors.

Deployments	Supported Regular Expressions
PostgreSQL as HA	does not support regular expressions for searching
PostgreSQL without HA	use `PostgreSQL` regular expressions See the PostgreSQL documentation
OrientDB and H2	use `JEXL` regular expressions

Deployments

Supported Regular Expressions

PostgreSQL as HA

does not support regular expressions for searching

PostgreSQL without HA

use PostgreSQL regular expressions

See the PostgreSQL documentation

OrientDB and H2

use JEXL regular expressions

Creating a Content Selector

Select Content Selectors located in the Repository, from the Administration menu
Select Create selector to open the dialog
Enter a Name and Description for the content selector
Use the Search expression field to build your query using CSEL syntax

Preview Repository

Preview the results of the search expression by selecting the preview results button. The preview will only display 10 results to limit any performance impact.

Select a repository or grouping of repositories from the Preview Repository dropdown
Select the Preview button
1. Use the Filter to check for a specific result
2. Use the Name column to sort the results
Select Save to create the content selector

Content Selector Reference

Below are the attributes for content selectors that define path and format as values. The asset’s path must begin with a leading slash.

Attribute	Allowed Values
path	The path of your repository content with a leading slash
format	The format of the content for which you query (including the format is not required)

Content selector operators for HA Deployments

Operator	Description	Example
`==`	Matches text exactly	`format == "raw"`
`=^`	Starts with text	`path =^ "/org/apache/commons/"`
`and`	Match all expressions	`format == "maven2" and path =^ "/org/apache/commons"`
`or`	Match any expression	`format == "maven2" or format == "npm"`
`(expr)`	Group multiple expressions	`format == "npm" or (format == "maven2" and path =^ "/org/apache/commons")`

Content selector operators for Non-HA Deployment

Operator	Description	Example
`==`	Matches text exactly	`format == "raw"`
`=~`	Matches a Java regular expression pattern	`path =~ "^/org/apache/commons/.*"`
`=^`	Starts with text	`path =^ "/com/example/"`
`and`	Match all expressions	`format == "maven2" and path =~ "^/org/apache/commons/.*"`
`or`	Match any expression	`format == "maven2" or format == "npm"`
`(expr)`	Group multiple expressions	`format == "npm" or (format == "maven2" and path =~ "^/org/apache/commons/.*")`
`\-`	Escaping dashes in version ranges	`path =~ "[0-9a-zA-Z\-_]"`

Permissions for Tree Browsing

Read access selectors should include access to tree browsing in the Repository Manager UI. The content selectors need to include permissions for the parent directories of the artifacts.

Tree browsing for Highly Available (HA) environments

(format == "maven2" and (path =^ "/" OR path =^ "/org/" OR path =^ "/org/apache/" OR path =^ "/org/apache/commons/"))

Regular expression example including the parent directory:

format == "maven2" and path =~ "/|/org/|/org/apache/|/org/apache/commons/.*"

Alternatively, if you don't mind users being able to see any directory name (just not the contents), use the following.

format== "maven2" and path =~".*/|/org/apache/commons.*"