
Roles

Roles aggregate privileges into a related context and can, in turn, be grouped to create more complex roles.

To create and manage roles, navigate to Administration → Security → Roles.

Note

You must have the nx-roles or nx-all privilege to access the Roles screen.

To create, edit, or delete roles, you must have the nx-privilege-read or nx-all privilege.

Sonatype Nexus Repository ships with pre-defined admin and anonymous roles, which you will see already in the list that appears on this screen. You will not be able to edit or delete these roles.

[Screenshot: Roles listing]

Creating Roles

To create a new role, take the following steps:

  1. Select the Create role button in the Roles page.

  2. Select the appropriate option from the Role Type drop-down menu; typically, this will be Nexus role for any role you are creating manually.

  3. In the Role Setup form, provide a Role ID and Role Name. Optionally, provide a description for the role.

  4. In Applied Privileges, select the Modify Applied Privileges button to manage the role's applied privileges.

  5. A modal appears where you can select and de-select privileges given to this role. You can also use a filter to search for privileges to apply. You can see all the selected privileges by sorting by the checkbox Select column. After selecting privileges to apply to this role, select the Confirm button.

  6. If you wish to apply an existing role to this new role, select the Modify Applied Roles button in the Applied Roles section. A modal appears where you can select and de-select other roles to apply to this new role. You can also use a filter to search for other roles to apply.

  7. After selecting roles to apply to this role, select the Confirm button.

  8. Select the Save button to save the new role.
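Because roles can be applied to other roles, a role's effective access can be wider than its own privilege list suggests. The following added example (not Sonatype's code) resolves each role's effective privileges through its applied roles and flags roles that inherit nx-all or nx-roles. It assumes effective privileges are the union of a role's own privileges and those of its applied roles; the export layout (id, privileges, roles), the role IDs, and the repository privilege names are constructed for illustration.

```python
"""Audit nested roles: resolve the privileges each role effectively grants."""

# Constructed sample export. The id/privileges/roles layout is an assumption,
# as are the role IDs and the repository privilege names.
ROLES = [
    {"id": "maven-read", "privileges": ["nx-repository-view-maven2-*-read"], "roles": []},
    {"id": "dev", "privileges": ["nx-repository-view-maven2-*-add"], "roles": ["maven-read"]},
    {"id": "release-mgr", "privileges": ["nx-roles"], "roles": ["dev", "ops"]},
    {"id": "ops", "privileges": ["nx-all"], "roles": ["release-mgr"]},  # reference cycle
    {"id": "contractor", "privileges": [], "roles": ["dev", "retired-role"]},  # dangling
]

SENSITIVE = {"nx-all", "nx-roles"}  # privileges the page names as gating the Roles screen


def effective_privileges(role_id, roles_by_id):
    """Return (privileges, missing) for a role and every role applied to it."""
    privileges, missing, seen = set(), set(), set()
    stack = [role_id]
    while stack:
        current = stack.pop()
        if current in seen:  # already expanded; this also breaks reference cycles
            continue
        seen.add(current)
        role = roles_by_id.get(current)
        if role is None:  # an applied role that is not in the export
            missing.add(current)
            continue
        privileges.update(role["privileges"])
        stack.extend(role["roles"])
    return privileges, missing


def audit(roles):
    """Map each role ID to its effective privileges and inherited risk flags."""
    roles_by_id = {r["id"]: r for r in roles}
    report = {}
    for role in roles:
        privs, missing = effective_privileges(role["id"], roles_by_id)
        inherited = privs - set(role["privileges"])
        report[role["id"]] = {
            "effective": sorted(privs),
            "inherited_sensitive": sorted(inherited & SENSITIVE),
            "missing_roles": sorted(missing),
        }
    return report


if __name__ == "__main__":
    for role_id, entry in audit(ROLES).items():
        print(role_id, entry)
```

A non-empty inherited_sensitive list marks a role whose administrative reach comes only from a role applied to it, which is easy to miss when reviewing the role's own privilege list in the UI.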

Managing Roles

To manage an existing role, take the following steps:

  1. Select the role you wish to edit from the list on the main Roles page.

  2. You may edit the Role Name and description; however, you will not be able to modify the Role ID.

  3. In Applied Privileges, select the Modify Applied Privileges button to manage the role's applied privileges. A modal appears where you can select and de-select privileges given to this role. You can also use a filter to search for privileges to apply.

  4. After making changes to applied privileges, select the Confirm button.

  5. If you wish to modify which other roles are applied to this role, select the Modify Applied Roles button in the Applied Roles section. A modal appears where you can select and de-select other roles to apply to this role. You can also use a filter to search for other roles to apply.

  6. After selecting roles to apply to this role, select the Confirm button.

  7. Select the Save button to save the changes you've made to this role.

Deleting Roles

To delete a role, take the following steps:

  1. Select the role you wish to delete from the list on the main Roles page.

  2. At the bottom of the form, select the Delete button. A modal appears asking you to confirm that you wish to delete the role.

  3. Select Confirm to confirm deletion.

Mapping External Groups to Nexus Repository Roles

The Create role button also lets you create an External Role Mapping to an external authorization system such as an identity provider (IdP). Use this to grant privileges in the repository manager to members of a group that is managed externally in your IdP.

Prerequisites

  • Configure the Nexus Repository Realms to include your IdP's realm

  • Create an IdP connection with user and group configuration set

  • Test the connection by selecting the Verify connection button on the configuration screen

    To test the user and group settings, use the Verify user mapping button

  • Search for an external user and make sure the user groups are displayed

    1. In the Administration panel under Security select Users

    2. Change the source to the IdP

    3. Search for a known user identifier from the IdP

    4. Select the user and verify that External Roles is populated with the IdP groups the user belongs to

Note

If you do not see groups listed for the user, check the user and group configuration.

Create an LDAP External Role Mapping

Use the following steps to create a role mapping:

  1. Select Roles from the Administration panel under Security

  2. Select the Create role button and External Role Mapping for your IdP

  3. The Mapped Role drop-down is populated with groups in your IdP domain. Choose the group to map

  4. Provide a name for the role

  5. Assign roles and privileges

  6. Select Create role

Troubleshooting

Switch on debug logging to obtain more information about the source of IdP-related problems.

  1. Select Logging from the Administration panel under Support.

  2. Locate the logger for your IdP under org.sonatype.nexus.<IdP> and set the logging level to DEBUG.

These logs contain more information about the cause of a problem. When opening a support ticket, setting this logging after reproducing the problem but before generating a support zip helps track down the issue.