Bug in Grouping Docker Repositorys?

We use Nexus OSS.
There are some Private and Proxy Repos.
When i group this repos and give access to them, anonymous can pull from both, regardles of Settings of the Private Repos !?
Normale anonymous should could pull from the Proxy Repos (because its free for anonymous) but not from the Private Ones even it’s grouped together.
It seems, that auth is done against group and give full access to all Repositorys in this Group regardless what defined in the Repositorys inside the group …
Bug or Feature ?!

Hi Holger,
This is a feature documented as follows:

When a user is given a privilege to a group repository, then that user will also have that privilege to all transitive members of that group repository only when their request is directed to the group repository. Direct requests to indvidual member repositories will only work if the user is given explicit permission to the individual repository.

Take a look at Repository Management and Access Control to get a better grasp at how to enforce your access control needs.

think that should be chooseable by Admin.
Plan was to have one Url for Proxy and Hosted Repos and several Teams with different access rights.
Now i must configure many URLs to do the same …

Perhaps a nice feature request to implement this (group that use parent rights)