Application Health Check required permissions for role assignment

Joey_Officer · March 25, 2026, 2:08pm

I’ve created a new user to perform health checks against the application, using the following permissions:

nx-healthcheck-read
nx-healthcheck-summary-read
nx-healthcheck-update

When I attempt to hit the healthcheck endpoint (/servicqeq/rest/metrics/ping) I’m getting a 403 forbidden:

curl -4 -u haproxy:healthcheck -v http://localhost:8080/service/rest/metrics/ping
*   Trying 127.0.0.1:8080...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
* Server auth using Basic with user 'haproxy'
> GET /service/rest/metrics/ping HTTP/1.1
> Host: localhost:8080
> Authorization: Basic aGFwcm94eTpoZWFsdGhjaGVjaw==
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Server: Nexus/3.89.1-02 (COMMUNITY)
< Vary: Accept-Encoding
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src http: data: blob: 'unsafe-inline'; script-src http: 'unsafe-inline' 'unsafe-eval'
< X-Siesta-FaultId: 8bd2651b-d793-4a35-ba84-6349bda893ac
< Content-Length: 0
<
* Connection #0 to host localhost left intact

Can someone help identify which permissions are needed to perform a healthcheck?

mpiggott · March 25, 2026, 2:16pm

Those healthcheck permissions refer to health check features in repository.

Ping is part of nexus:metrics:read, this endpoint only indicates the server is online and performs no checks about the system.

Joey_Officer · March 25, 2026, 6:17pm

Thanks, worked once I added nx-metrics-all (in the webUI)