Managing Permissions

Skip to end of metadata
Go to start of metadata
Table of Contents
Expand all   Collapse all

Overview

Artifactory allows you to manage permissions per a Permission Target. A permission target is an concept that denotes a physical (non-virtual) repository and include and exclude patterns on the repository + a set of permissions.
Multiple permissions for groups or users, hence ACLs, can be attached to a single permission target.

An example permission target might be:
The repository target containing all files (by include/exclude patterns) under the 'libs-releases' repository has read and deploy permissions for the user 'Builder' and for the group 'Deployers'.

Permissions Management

You can create, edit and delete permission targets and permissions from the permissions page at Admin:Security:Permissions.

Creating a Permission Target

When creating a permission target, you first have to select the repositories the permission target will be applicable for.

Then, select multiple include and exclude patterns in Ant-like format. The combination of these patterns constitutes the set of paths that will be governed by this permission target. In the example below sources are specifically excluded from the permissions.
You can use the drop down lists to insert common predefined include and exclude patterns and customize them for your needs.

Finally, select the groups and users you wish to grant/revoke permissions. There are four possible permissions:

  1. Read - Allows reading/downloading artifacts.
  2. Annotate - Allows annotating artifacts and folders with metadata and properties.
  3. Deploy - Allows deploying artifacts and deploying to caches (populate them with remote artifacts).
  4. Delete - Allows deleting or overwriting artifacts.
  5. Admin - Allows adding permissions to other users on this permission target.

Permissions are additive and negative (actions not specifically granted are forbidden) by default.

Permission Target Admins

Permission targets administrators are local administrators to the specific permission target. As such, they can assign new permissions on the permission target to other users or groups. Upon logging-in to the web application, these users will have access to the specific section they allowed to administer.
This set up is extremely useful if you have a multi-team site and you wish to delegate to teams the role of managing their repositories.
The anonymous user cannot be permission target administrator.

Preventing Overwriting Deployments

The Delete permission can be used to prevent overwriting a deployed release or unique snapshot. Non-unique snapshots can always be overwritten (as long as the Deploy permission is on).

Examining Permissions

By Arifact/Path

You can examine the effective permissions of any item by selecting it in the Tree Browser (Artifacts:Tree Browser) and selecting the Effective Permissions tab.

Only users and groups that have assigned permissions will show up. If you don't see a user or a group in the table this means they do not have any permissions on the selected item.

By User

You can also select a specific user from the user management panel (Admin:Security:Users) to view the permission targets the users is part of (directly or by group association).
Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.