API /v1/status/check only works with nx-all privileges

oliver.roos · June 6, 2023, 11:47am

Hi all,

I’m creating an Icinga2 check plugin for our Nexus OSS instance.
This should be easy as Nexus provides a perfect API call for that:

https://nexus.company.org/service/rest/v1/status/check

Indeed, it works perfectly as long as the user used to call the api has nx-all (=admin) priviliges.
I think it should work with the ‘healthcheck-read’ privilege. Any other priviliges needed?

Also tried with all of the healthcheck-* privileges.

With only ‘healthcheck-read’ privileges i get an 403 forbidden return.

Thanks for your help,
Oliver

mpiggott · June 6, 2023, 1:57pm

The healthcheck permissions relate to Repository Health Check and the IQ Server integration.

The status endpoint can leak information (i.e. the fact the default password is in use) thus requires greater permissions.

oliver.roos · June 7, 2023, 5:20am

Hi @mpiggott

Thanks for your quick response

The status endpoint can leak information (i.e. the fact the default password is in use) thus requires greater permissions.

With greater permissions you mean indeed nx-all? or are there any less privileged roles that would also work?