403 FORBIDDEN - when using search bar in UI

Hey all,

We upgraded our nexus3 instance from 3.29.2 to 3.38.1

Afterwards we found out that our normal users cant use the search bar on top of the ui anymore. It always results in a 403 forbidden.

image2982×686 209 KB

I checked their rights and they have nx-search-read enabled, which should make them able to make search requests, I guess?

When I try to use the search, without logging in, so like an anonymous user, then I don’t get this 403. The only give privilege for anonymous users is the nx-search-read…

For the nx-admin users, there are no such issues either.
Could you tell me what could possibly be wrong? Or what else I should check?

Thanks in advance!

Kevin,

Thank you for your message. Please can you check whether the users have any other privileges assigned to them and if so, please can you list them.

Please can you also confirm whether the anonymous user is using the default nx-anonymous role? The nx-anonymous role has three privileges required for viewing search results namely nx-repository-view---browse, repository-view---read and nx-search-read .

Thanks
Olu Shiyanbade

Hey Olu,

Thanks for getting back to me.

So we have our own Anonymous role GS_ALM_Anonymous which contains the following:
“roles”: [“GS_ALM_Public”],
“privileges”: [“nx-search-read”]

And the public role GS_ALM_Public contains:
“roles”: [],
“privileges”: [“nx-repository-view-conda-public-conda-group-read”, “nx-repository-view-raw-internal-tool-library-read”, “nx-repository-view-raw-playwright-azureedge-browse”, “nx-repository-view-p2-tools.hana.ondemand.com.oxygen-read”, “nx-repository-view-p2-epic-ide-read”, “nx-repository-view-raw-sites-laa-browse”, “nx-repository-view-raw-x9x-raw-read”, “nx-repository-view-conda-public-conda-forge-group-read”, “nx-repository-view-p2-m2eclipse-for-subclipse-1.8.x-read”, “nx-repository-view-raw-x9x-raw-browse”, “nx-repository-view-raw-y9f-public-raw-browse”, “nx-repository-view-raw-internal-jenkins-update-read”, “nx-repository-view-raw-releases-x9x-raw-read”, “nx-repository-view-conda-public-conda-group-browse”, “nx-repository-view-raw-laa-raw-browse”, “nx-repository-view-raw-sites-laa-read”, “nx-repository-view-raw-y35-raw-browse”, “nx-repository-view-p2-m2eclipse-for-subclipse-1.8.x-browse”, “nx-repository-view-pypi-public-python-group-browse”, “nx-repository-view-raw-internal-jenkins-update-browse”, “nx-repository-view-raw-public-internal-binaries-read”, “nx-repository-view-conda-public-conda-forge-group-browse”, “nx-repository-view-raw-y35-raw-read”, “nx-repository-view-p2-epic-ide-browse”, “nx-repository-view-raw-laa-raw-read”, “nx-repository-view-p2-tools.hana.ondemand.com.oxygen-browse”, “nx-repository-view-raw-phantomjs-read”, “nx-repository-view-raw-node-sass-read”, “nx-repository-view-raw-internal-tool-library-browse”, “nx-repository-view-raw-releases-x9x-raw-browse”, “nx-repository-view-raw-y9f-public-raw-read”, “nx-repository-view-raw-phantomjs-browse”, “nx-repository-view-raw-public-internal-binaries-browse”, “nx-repository-view-pypi-public-python-group-read”, “nx-repository-view-raw-node-sass-browse”, “nx-repository-view-raw-playwright-azureedge-read”]

The User role (GS_ALM_Users) contains:
“roles”: [“GS_ALM_Public”],
“privileges”: [“nx-apikey-all”, “nx-search-read”, “nx-repository-view-maven2-public-shared-por-read”, “nx-repository-view-nuget-external-nuget-v3-gallery-read”, “nx-repository-view-nuget-public-nuget-v3-group-read”, “nx-repository-view-maven2-public-shared-por-browse”]