Role management is a necessary security feature for products accessed by multiple teams and people within an organization. This is why Sonatype is happy to share some updates to user permissions within Nexus Lifecycle.
Permissions are now more granular than ever with a new grouping of policies focused on remediation efforts, including:
- Waive: ability to waive policy violations
- Security: ability to change security vulnerabilities
- License: ability to change licenses
Previously, these were included in the IQ Elements permission.
This new category allows admins to separate out permissions by user action. For example, if you have a separate security team, you can now assign “security” permissions specifically to that team, making them the only users allowed to take security actions.
When will this go into effect?
The new permissions will be automatically added to instances of IQ Server 83, which was released today.
How does this change benefit my organization?
Granular permissions allow for more control over what users can and cannot do within Nexus Lifecycle, and they provide the opportunity to create custom roles based on team organization. Another benefit is damage limitation: without the required permission, users cannot accidentally remove an application, override a license, etc.
What are the proactive measures to help prepare for the update?
If you have custom or built-in roles that included the ‘Edit IQ Element’ permission, those roles will automatically have the three new permissions enabled once you upgrade to IQ Server 83. As a result, you will need to disable these permissions if they were not originally included in your roles. More on Role Management.
Where can I ask additional questions?
You can reply directly to this post. If you are not already registered with the Sonatype User Community, you will be prompted to create an account. This will empower you to create and reply to other threads initiated by both the Sonatype team and your community peers. Notifications can be easily configured to ensure you are aware of updates for a specific thread and/or important announcements within the Community.