
Roles

Roles aggregate privileges into a related context and can, in turn, be grouped to create more complex roles.

To create and manage roles, navigate to Administration → Security → Roles.

Note

You must have the nx-roles or nx-all privilege to access the Roles screen.

To create, edit, or delete roles, you must have the nx-privilege-read or nx-all privilege.

Sonatype Nexus Repository ships with pre-defined admin and anonymous roles, which already appear in the list on this screen. You cannot edit or delete these roles.

Roles listing

Creating Roles

To create a new role, take the following steps:

  1. Select the Create role button in the Roles page.

  2. Select the appropriate option from the Role Type drop-down menu; typically, this will be Nexus role for any role you are creating manually.

  3. In the Role Setup form, provide a Role ID and Role Name. Optionally, provide a description for the role.

  4. In Applied Privileges, select the Modify Applied Privileges button to manage the role's applied privileges.

  5. A modal appears where you can select and de-select privileges given to this role. You can also use a filter to search for privileges to apply. You can see all the selected privileges by sorting by the checkbox Select column. After selecting privileges to apply to this role, select the Confirm button.

  6. If you wish to apply an existing role to this new role, select the Modify Applied Roles button in the Applied Roles section. A modal appears where you can select and de-select other roles to apply to this new role. You can also use a filter to search for other roles to apply.

  7. After selecting roles to apply to this role, select the Confirm button.

  8. Select the Save button to save the new role.

Managing Roles

To manage an existing role, take the following steps:

  1. Select the role you wish to edit from the list on the main Roles page.

  2. You may edit the Role Name and description; however, you will not be able to modify the Role ID.

  3. In Applied Privileges, select the Modify Applied Privileges button to manage the role's applied privileges. A modal appears where you can select and de-select privileges given to this role. You can also use a filter to search for privileges to apply.

  4. After making changes to applied privileges, select the Confirm button.

  5. If you wish to modify which other roles are applied to this role, select the Modify Applied Roles button in the Applied Roles section. A modal appears where you can select and de-select other roles to apply to this role. You can also use a filter to search for other roles to apply.

  6. After selecting roles to apply to this role, select the Confirm button.

  7. Select the Save button to save the changes you've made to this role.

Deleting Roles

To delete a role, take the following steps:

  1. Select the role you wish to delete from the list on the main Roles page.

  2. At the bottom of the form, select the Delete button. A modal appears asking you to confirm that you wish to delete the role.

  3. Select Confirm to confirm deletion.

Mapping External Groups to Nexus Roles

In addition to creating an internal role, the Create role button allows you to create an External role mapping to an external authorization system configured in the repository manager, such as LDAP. You would do this if you want to grant every member of an externally managed group (such as an LDAP group) a number of privileges and roles in the repository manager.

For example, assume that you have a group in LDAP named scm and you want to make sure that everyone in the scm group has administrative privileges.

Select External Role Mapping and LDAP to see a list of roles managed by that external realm in a dialog. Pick the desired scm group and confirm by pressing Create mapping.

Note

For faster access, or if you cannot see your group name, you can also type in a portion or the whole name of the group and the dropdown will be limited to entries matching the typed text.

Once the external role has been selected, a linked role is created. You can then assign other roles and privileges to this new externally mapped role as you would for any other role.

Any user who is part of the scm group in LDAP receives all the privileges defined in the created role. This allows you to adapt your generic role in LDAP to the repository manager-specific use cases you want these users to be allowed to perform.
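
Because roles can contain other roles, and an external group mapping can in turn be given roles, the privileges a group member ends up with are not always visible on a single role's form. The following added example (not Sonatype code and not part of the original page) resolves applied roles transitively and reports externally mapped roles that resolve to `nx-all`. The dictionary layout, the `source` values, and every role name except `scm` are assumptions made for illustration.

```python
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed sample data, not a Nexus export. "source" is a hypothetical field
# marking a role as internal or as an external mapping (the LDAP group "scm").
ROLES: Dict[str, dict] = {
    "repo-read": {"source": "internal", "privileges": {"nx-repository-view-maven2-*-read"}, "roles": set()},
    "role-managers": {"source": "internal", "privileges": {"nx-roles", "nx-privilege-read"}, "roles": {"repo-read"}},
    "platform-admins": {"source": "internal", "privileges": {"nx-all"}, "roles": {"role-managers"}},
    "scm": {"source": "LDAP", "privileges": set(), "roles": {"platform-admins"}},
    "build-bots": {"source": "LDAP", "privileges": set(), "roles": {"repo-read", "loop-a"}},
    # A cycle and a dangling reference, to show both are handled.
    "loop-a": {"source": "internal", "privileges": set(), "roles": {"loop-b"}},
    "loop-b": {"source": "internal", "privileges": set(), "roles": {"loop-a", "missing-role"}},
}

def effective_privileges(role_id: str, roles: Dict[str, dict]) -> Set[str]:
    """Return every privilege a role grants, following applied roles transitively."""
    seen: Set[str] = set()
    granted: Set[str] = set()
    stack = [role_id]
    while stack:
        current = stack.pop()
        if current in seen or current not in roles:
            continue  # already visited (cycle) or reference to an unknown role
        seen.add(current)
        granted |= roles[current]["privileges"]
        stack.extend(roles[current]["roles"])
    return granted

def audit_external_mappings(
    roles: Dict[str, dict], sensitive: FrozenSet[str] = frozenset({"nx-all"})
) -> List[Tuple[str, str, List[str]]]:
    """List externally mapped roles whose effective privileges include a sensitive one."""
    findings = []
    for role_id, role in sorted(roles.items()):
        if role["source"] == "internal":
            continue
        hits = sorted(effective_privileges(role_id, roles) & sensitive)
        if hits:
            findings.append((role_id, role["source"], hits))
    return findings

if __name__ == "__main__":
    for role_id, source, hits in audit_external_mappings(ROLES):
        print(f"{source} group '{role_id}' resolves to: {', '.join(hits)}")
```

In this sample, `scm` holds no privileges directly yet resolves to `nx-all` through two levels of applied roles, which is the case worth reviewing before confirming a mapping.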