What is the minimal set of privileges required to deploy artifacts to Nexus 3?
Solution 1
The general rule is nx-repository-admin
privileges are for administering the repositories and their details; nx-repository-view
privileges are for use of the repositories once set up. Assign the latter.
To tweak repository privileges of your Deployment user(s) you should use the nx-repository-view-*-*-*
as the assigned privilege, instead of nx-repository-admin
. So, remove all the privileges you addressed in your question, and replace the ‘Given’ field with nx-repository-view-*-*-*
. Since the privilege is denoted with asterisks, your Deployment users can perform all the above actions (i.e. browse, read, edit, add, and delete).
See the screenshot for reference:
Configuring the nx-deploy
Privilege for the Deployment
Role
You can read more about Privileges in the Security chapter: https://help.sonatype.com/repomanager3/security/privileges
Solution 2
If you need minimal privileges to just deploy artifacts, nx-repository-view-*-*-edit
is enough.
nx-repository-admin
is used for administration and configuration
Repository Admin
These are privileges related to the administration and configuration of a specific repository
and edit is enough to modify repository content
edit
This action allows privileges to modify associated scripts, repository content, and repository administration.
BTW, you need nx-component-upload
to upload components in web UI.
https://help.sonatype.com/repomanager3/user-interface/uploading-components
Solution 3
Successful deployment by maven 3 with Nexus 3.8.0 the following rights are required
nx-repository-view-*-*-edit
nx-repository-view-*-*-read
Solution 4
nx-repository-view-maven2-maven-snapshots-edit
nx-repository-view-maven2-maven-snapshots-read
"maven2"is recipe,"maven-snapshots" is your repository name.
Related videos on Youtube
Jane Wayne
Updated on April 18, 2020Comments
-
Jane Wayne about 4 years
I'm using Nexus Repository Manager 3.1.0-04, and I want to create a user to just have deployment permissions. What are the minimal set of privileges required for that?
Right now I created a role
nx-deploy
with the following privileges:- nx-repository-admin---read
- nx-repository-admin---browse
- nx-repository-admin---delete
- nx-repository-admin---edit
- nx-repository-admin---add
Then I created a user
deployment
with the rolenx-deploy
. I can deploy artifacts now, however, I believe I am giving too much privileges? Theadmin
part is not what I want the deployment user to be, so that part has me a bit nervous.Needless to say, there are just too many privileges to choose from under the security section.
-
Alberto about 7 yearsThe minimal set of privileges I had to set to deploy an artifact consist of:
nx-repository-view-*-*-{edit,read,add,browse}
. I'm using Nexus Repository Manager OSS 3.2.1-01 -
Arghya C almost 6 yearsSide notes: [1] The
nx-repository-view-*-*-*
privilege allows user to upload artifacts, but does NOT show UPLOAD option on the Nexus UI [2] For deployment user, consider addingbrowse
,read
,edit
,add
privileges separately and preferably, do NOT add thedelete
privilege. -
Pierluigi Vernetto over 5 yearsin Nexus 3.14 to be able to upload components (upload button) your deployment user should have the nx-component-upload privilege beside the nx-repository-view-*-*-* , see documentation here help.sonatype.com/repomanager3/user-interface/…
-
deHaar about 5 yearsYour post does not include any explanation, instead there is only an is enough, I think. That makes it a comment... You can still add information about why your line of code solves the problem. Your post will be removed if some others flag it as a comment, too.
-
Ben Asmussen almost 5 yearsMaven reads the repository before deployment. For this reason, the read role must be assigned.
-
y434y over 2 yearsIn version 3.18.0-01 privileges read and edit are enough (just like Ben mentioned in the not accepted answer) to deploy via CI/CD (Maven) provided by GitLab.