What is the minimal set of privileges required to deploy artifacts to Nexus 3?

maven deployment nexus nexus3
23,332

Solution 1

The general rule is nx-repository-admin privileges are for administering the repositories and their details; nx-repository-view privileges are for use of the repositories once set up. Assign the latter.

To tweak repository privileges of your Deployment user(s) you should use the nx-repository-view-*-*-* as the assigned privilege, instead of nx-repository-admin. So, remove all the privileges you addressed in your question, and replace the ‘Given’ field with nx-repository-view-*-*-*. Since the privilege is denoted with asterisks, your Deployment users can perform all the above actions (i.e. browse, read, edit, add, and delete).

See the screenshot for reference:

Configuring the nx-deploy Privilege for the Deployment Role

You can read more about Privileges in the Security chapter: https://help.sonatype.com/repomanager3/security/privileges

Solution 2

If you need minimal privileges to just deploy artifacts, nx-repository-view-*-*-edit is enough.

nx-repository-admin is used for administration and configuration

Repository Admin

These are privileges related to the administration and configuration of a specific repository

and edit is enough to modify repository content

edit

This action allows privileges to modify associated scripts, repository content, and repository administration.

BTW, you need nx-component-upload to upload components in web UI.

https://help.sonatype.com/repomanager3/user-interface/uploading-components

Solution 3

Successful deployment by maven 3 with Nexus 3.8.0 the following rights are required

nx-repository-view-*-*-edit
nx-repository-view-*-*-read

Solution 4

nx-repository-view-maven2-maven-snapshots-edit
nx-repository-view-maven2-maven-snapshots-read

"maven2"is recipe,"maven-snapshots" is your repository name.

Share:
23,332

Related videos on Youtube

Jane Wayne
Author by

Jane Wayne

Updated on April 18, 2020

Comments

  • Jane Wayne
    Jane Wayne about 4 years

    I'm using Nexus Repository Manager 3.1.0-04, and I want to create a user to just have deployment permissions. What are the minimal set of privileges required for that?

    Right now I created a role nx-deploy with the following privileges:

    • nx-repository-admin---read
    • nx-repository-admin---browse
    • nx-repository-admin---delete
    • nx-repository-admin---edit
    • nx-repository-admin---add

    Then I created a user deployment with the role nx-deploy. I can deploy artifacts now, however, I believe I am giving too much privileges? The admin part is not what I want the deployment user to be, so that part has me a bit nervous.

    Needless to say, there are just too many privileges to choose from under the security section.

  • Alberto
    Alberto about 7 years
    The minimal set of privileges I had to set to deploy an artifact consist of: nx-repository-view-*-*-{edit,read,add,browse}. I'm using Nexus Repository Manager OSS 3.2.1-01
  • Arghya C
    Arghya C almost 6 years
    Side notes: [1] The nx-repository-view-*-*-* privilege allows user to upload artifacts, but does NOT show UPLOAD option on the Nexus UI [2] For deployment user, consider adding browse, read, edit, add privileges separately and preferably, do NOT add the delete privilege.
  • Pierluigi Vernetto
    Pierluigi Vernetto over 5 years
    in Nexus 3.14 to be able to upload components (upload button) your deployment user should have the nx-component-upload privilege beside the nx-repository-view-*-*-* , see documentation here help.sonatype.com/repomanager3/user-interface/…
  • deHaar
    deHaar about 5 years
    Your post does not include any explanation, instead there is only an is enough, I think. That makes it a comment... You can still add information about why your line of code solves the problem. Your post will be removed if some others flag it as a comment, too.
  • Ben Asmussen
    Ben Asmussen almost 5 years
    Maven reads the repository before deployment. For this reason, the read role must be assigned.
  • y434y
    y434y over 2 years
    In version 3.18.0-01 privileges read and edit are enough (just like Ben mentioned in the not accepted answer) to deploy via CI/CD (Maven) provided by GitLab.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

mvn deploy snapshot to nexus oss failed with return code 500 internal error
Deploying multiple 3rd party JARs to global (internal) Maven nexus
Update Nexus repository with local artifacts
How to configure maven project to deploy both snapshot and releases to Nexus?
Error when deploying an artifact in Nexus
How to specify maven's distributionManagement organisation wide?
Sonatype Nexus 3 - get latest snapshot
Why can't I deploy from my local repository to a remote Maven repository?
Jenkins can not build with Maven. Might be proxy-issue
download of a Maven artifact with dependencies from Nexus using the command line