What is Anonymous Access?
In Sonatype Nexus Repository, any unauthenticated user accessing your Sonatype Nexus Repository instance or attempting to download components from your repositories operates under a designated anonymous user profile.
Carefully consider whether you wish to allow anonymous access to your repositories before enabling this feature. Read our Access Control Best Practices before configuring your anonymous user profile and role.
Enabling and Disabling Anonymous Access
You must have the appropriate read and update privileges for nx-settings to see and make changes to the Anonymous Access page on Sonatype Nexus Repository. (See the Privileges help topic for more information.)
You can enable or disable anonymous access in Sonatype Nexus Repository by navigating to Administration → Security → Anonymous Access.
On this screen, you can select (to enable anonymous access) or de-select (to disable anonymous access) the Allow anonymous users to access the server checkbox.
You can also provide a Username for the anonymous user profile and specify a security Realm for the user profile to use.
Permissions for Anonymous Users
When anonymous access is enabled, any user accessing the UI or attempting to download components will be granted the anonymous user's permissions. By default, the anonymous user is assigned the nx-anonymous role, which has the following default privileges (See the Privileges help topic for full details on privileges):
- nx-healthcheck-read - Read permissions for healthcheck
- nx-search-read - Read permissions for search
- nx-repository-view-*-*-read - Read permissions for repositories of all formats
- nx-repository-view-*-*-browse - Browse permissions for repositories of all formats
You can modify this by adjusting the anonymous user's roles as described in the Roles help topic.
Special Note on Docker Repositories
Note that while the anonymous access configured on this screen does control most anonymous actions for Docker repositories, it does not control whether or not anonymous users can perform Docker pulls. That must be configured at the repository level as described in our Docker Authentication help topic.