Reputation: 6856
Can Sonatype Nexus be configured to restrict which artifacts a user can deploy?
I have installed Nexus 2.0.6 and the integration with my LDAP server is working (authentication only). Is there a way to configure Nexus so that only a set of developers are able to deploy a given artifact, or group?
I basically do not want a developer in Team A deploying an artifact that Team B is reponsible for.
Upvotes: 6
Views: 6557
Answers (2)
Reputation: 1109
Under Nexus 2.0.1, this is the solution that I've worked through and verified.
Caveats:
This allows one to restrict the "Artifact Upload" option to a directory hierarchy.
This is not quite the same as "deploy" or in conjunction with "release prepare".
Steps:
Remove the single privilege of "Artifact Upload" from all that presently have it, that you do not want to have it.
Create the "Repository-Target" that includes the directory mask of where you want to give access. Ex.
.*/com/mycompany/target-dir/.*
Double check the mask, it starts with period-asterisk AND ends with period-asterisk.Create the "Repository-Privilege" that maps to the Repository-Target you just created. Typically I include the repo-name in this repository-privilege-name, like "releases.com.mycompany.target-dir". This creates the CRUD entries (4) for said directory.
Next, create the "Role" based on the Repository Privileges you just created (4), plus "Artifact Upload". Total of 5 entries for the role. Use the "Apply Filter" here to help you find these items. I name this role something like "Upload.Role.Releases.Target-Dir". Again, when finished there should be 5 entries for this role:
Artifact Upload
com.mycompany.target-dir(create)
com.mycompany.target-dir(delete)
com.mycompany.target-dir(read)
com.mycompany.target-dir(update)
This is what constrains the upload role to this repo.directory.Create the User if it does not already exist, assign password.
Give the user the following Roles:
Nexus Deployment
Repo: All Maven Repositories(Read)
UI: Base UI Privileges
Upload.Role.Relases.Target-Dir
Hit save and you've got it. Later on, you can use this same approach to create a new Role for other repos (say Snapshot or 3rd Party), and keep the same directory mask.
Upvotes: 2
Reputation: 14951
You may partition a repository using repository targets, privileges, and roles as described in this Sonatype blog post. I tested this a few months back and it seemed to work well.
Upvotes: 6
Related Questions
- How to upload or deploy multiple versions of an artifact to Sonatype Nexus?
- How can specific Maven artifacts in Nexus be blocked
- nexus-staging-maven-plugin only upload artifacts that are explicitly set NOT to be uploaded
- How to block selected artifacts in Nexus?
- Maven release : Is there a way to prevent a module to be uploaded to Nexus?
- Sonatype Nexus, disallow downloading of source for certain account
- Prevent Jenkins from Installing Artifact to Local Maven Repository
- Nexus excluding entire artifacts from springsource repos
- Can I control which artifacts are available in Sonatype Nexus?
- Deploy Maven artifacts on Sonatype Nexus repository hosted on Linux