Reputation: 8855
What is the minimal set of privileges required to deploy artifacts to Nexus 3?
I'm using Nexus Repository Manager 3.1.0-04, and I want to create a user to just have deployment permissions. What are the minimal set of privileges required for that?
Right now I created a role nx-deploy with the following privileges:
- nx-repository-admin---read
- nx-repository-admin---browse
- nx-repository-admin---delete
- nx-repository-admin---edit
- nx-repository-admin---add
Then I created a user deployment with the role nx-deploy. I can deploy artifacts now, however, I believe I am giving too much privileges? The admin part is not what I want the deployment user to be, so that part has me a bit nervous.
Needless to say, there are just too many privileges to choose from under the security section.
Upvotes: 54
Views: 30486
Answers (4)
Reputation: 11
nx-repository-view-maven2-maven-snapshots-edit
nx-repository-view-maven2-maven-snapshots-read
"maven2"is recipe,"maven-snapshots" is your repository name.
Upvotes: 1
Reputation: 994
Successful deployment by maven 3 with Nexus 3.8.0 the following rights are required
nx-repository-view-*-*-edit
nx-repository-view-*-*-read
Upvotes: 6
Reputation: 485
If you need minimal privileges to just deploy artifacts, nx-repository-view-*-*-edit is enough.
nx-repository-admin is used for administration and configuration
Repository Admin
These are privileges related to the administration and configuration of a specific repository
and edit is enough to modify repository content
edit
This action allows privileges to modify associated scripts, repository content, and repository administration.
BTW, you need nx-component-upload to upload components in web UI.
https://help.sonatype.com/repomanager3/user-interface/uploading-components
Upvotes: 10
Reputation: 908
The general rule is nx-repository-admin privileges are for administering the repositories and their details; nx-repository-view privileges are for use of the repositories once set up. Assign the latter.
To tweak repository privileges of your Deployment user(s) you should use the nx-repository-view-*-*-* as the assigned privilege, instead of nx-repository-admin. So, remove all the privileges you addressed in your question, and replace the ‘Given’ field with nx-repository-view-*-*-*. Since the privilege is denoted with asterisks, your Deployment users can perform all the above actions (i.e. browse, read, edit, add, and delete).
See the screenshot for reference:
Configuring the nx-deploy Privilege for the Deployment Role
You can read more about Privileges in the Security chapter: https://help.sonatype.com/repomanager3/security/privileges
Upvotes: 89
Related Questions
- how to deploy my artifact on to my nexus?
- Who should have the authority to upload Maven artifacts to the remote repository?
- How to manually deploy artifacts in Nexus Repository Manager OSS 3
- What privileges does a user need to upload/deploy to every repository hosted on local Sonatype Nexus 3.0 server?
- Maven: Failed to deploy artifacts, Acces denied
- Upload artifacts to Nexus through UI
- Upload an artifact to Nexus 3 without Maven
- Using nexus deployment role - Error installing artifact's metadata - Authorization failed
- Nexus oss unpack plugin privilege
- nexus admin rights for particular repository