Skip to end of metadata
Go to start of metadata
Table of Contents
Expand all   Collapse all

Overview

Artifactory allows you to manage permissions via Permission Targets. A permission target is a concept that denotes a physical (non-virtual) repository and includes and excludes patterns in the repository together with a set of permissions.
Multiple permissions for groups or users can be attached to a single permissions target, hence ACLs,

An example permission target:

The repository target containing all files (by include/exclude patterns) under the 'libs-releases' repository has read and deploy permissions for the user 'Builder' and for the group 'Deployers'.

Permissions Management

You can create, edit and delete permission targets and permissions from the permissions page.  Got to the Admin tab and then Security -> Permissions.

Creating a Permission Target

When creating a permission target, select the repositories the permission target is applicable to.

Select multiple include and exclude patterns in Ant-like format. The combination of these patterns constitute the set of paths to be governed by this permission target. In the example below, sources are specifically excluded from the permissions.

Use the dropdown lists to insert common predefined include and exclude patterns and customize them to suit your requirements.

Finally, select the Groups and Users you want to grant/revoke permissions for. There are five possible permissions:

  • Read - Allows reading/downloading artifacts.
  • Annotate - Allows annotating artifacts and folders with metadata and properties.
  • Deploy - Allows deploying artifacts and deploying to caches (populate them with remote artifacts).
  • Delete - Allows deleting or overwriting artifacts.
  • Admin - Allows adding permissions to other users on this permission target.

Permissions are additive and negative (actions not specifically granted are forbidden).

Permission Target Admins

Permission Target administrators are local administrators to the specific permission target.  They can assign new permissions on the permission target to other users or groups. Upon logging-in to the web application, these users have access to the specific section they allowed to administer.

This set up is extremely useful if you have a multi-team site and you want to delegate to teams the role of managing their repositories.

An anonymous user cannot be permission target administrator.

Preventing Overwriting Deployments

The Delete permission can be used to prevent overwriting a deployed release or unique snapshot. Non-unique snapshots can always be overwritten (as long as the Deploy permission is on).

Examining Permissions

By Arifact/Path

To examine the effective permissions of any item select it in the Tree Browser from the Artifacts tab and then Tree Browser and select the Effective Permissions tab.

Only users and groups with the assigned permissions appear. If you do not see a user or a group in the table, they do not have any permissions on the selected item.

By User

You can also select a specific user from the user management panel.  Go to the Admin tab and then Security -> Users to view the permission targets the user is part of (directly or by group association).
  • No labels