Skip to main content

Anonymous Access

What is Anonymous Access?

Unauthenticated users accessing the user interface or downloading components falls under the anonymous user profile.

Read our Access Control Best Practices before configuring the anonymous user profile and role.

Enabling and Disabling Anonymous Access

Tip

You must have the appropriate read and update privileges for nx-settings to see and make changes to the Anonymous Access page on Sonatype Nexus Repository.

You can enable or disable anonymous access in Sonatype Nexus Repository by navigating to Settings → Security → Anonymous Access.

On this screen, you can select (to enable anonymous access) or de-select (to disable anonymous access) the Allow anonymous users to access the server checkbox.

You can also provide a Username for the anonymous user profile and specify a security Realm for the user profile to use.

Note

Realms specify the system where a user is defined. Therefore, you're likely to use a realm such as LDAP Realm (e.g., if you have a guest account defined in your LDAP system and want to use that user and its permissions here) for this field. You do not want to use a format-specific realm.

Anonymous access screen

Permissions for Anonymous Users

When anonymous access is enabled, any user accessing the UI or attempting to download components will be granted the anonymous user's permissions. By default, the anonymous user is assigned the nx-anonymous role, which has the following privileges:

  • nx-healthcheck-read - Read permissions for healthcheck

  • nx-search-read - Read permissions for search

  • nx-repository-view-*-*-read - Read permissions for repositories of all formats

  • nx-repository-view-*-*-browse - Browse permissions for repositories of all formats

The default anonymous role is read only. Create a new role to modify the privileges assigned to the anonymous user.

Special Note on Docker Repositories

Note that while the anonymous access configured on this screen does control most anonymous actions for Docker repositories, it does not control whether or not anonymous users can perform Docker pulls. That must be configured at the repository level as described in our Docker Authentication help topic.