Anonymous Access

What is Anonymous Access?

In Sonatype Nexus Repository, any unauthenticated user accessing your Sonatype Nexus Repository instance or attempting to download components from your repositories operates under a designated anonymous user profile.

Carefully consider whether you wish to allow anonymous access to your repositories before enabling this feature. Read our Access Control Best Practices before configuring your anonymous user profile and role.

Enabling and Disabling Anonymous Access

You must have the appropriate read and update privileges for nx-settings to see and make changes to the Anonymous Access page on Sonatype Nexus Repository. (See the Privileges help topic for more information.)

You can enable or disable anonymous access in Sonatype Nexus Repository by navigating to Administration → Security → Anonymous Access

On this screen, you can select (to enable anonymous access) or de-select (to disable anonymous access) the Allow anonymous users to access the server checkbox.

You can also provide a Username for the anonymous user profile and specify a security Realm for the user profile to use.

Realms specify the system where a user is defined. Therefore, you're likely to use a realm such as Local Authorizing Realm or LDAP Realm (e.g., if you have a guest account defined in your LDAP system and want to use that user and its permissions here) for this field. You do not want to use a format-specific realm. See the Realms help topic for detailed information about security realms.

Anonymous access screen

Permissions for Anonymous Users

When anonymous access is enabled, any user accessing the UI or attempting to download components will be granted the anonymous user's permissions. By default, the anonymous user is assigned the nx-anonymous role, which has the following default privileges (See the Privileges help topic for full details on privileges):

  • nx-healthcheck-read - Read permissions for healthcheck
  • nx-search-read - Read permissions for search
  • nx-repository-view-*-*-read - Read permissions for repositories of all formats
  • nx-repository-view-*-*-browse - Browse permissions for repositories of all formats

You can modify this by adjusting the anonymous user's roles as described in the Roles help topic.

It is not possible to adjust the default anonymous role, so you will need to either give the anonymous user additional roles or create a new role to replace the default one.

Special Note on Docker Repositories

Note that while the anonymous access configured on this screen does control most anonymous actions for Docker repositories, it does not control whether or not anonymous users can perform Docker pulls. That must be configured at the repository level as described in our Docker Authentication help topic.