I am looking for help and documentation on the different privileges in general that goes more in depth than the NXRM security model tutorial explains.
Specifically, I want to set up a role that I can assign to a system account used by our CI system (Jenkins) to publish build artifacts to Nexus using the Nexus Platform plugin.
I created a role with the privilege nx-component-upload and even added nx-repository-view-*-*-add but the user does not have the “upload” option in the web UI.
Are the nx-repository-view privileges the right ones to assign permissions to repositories? Or is a view something separate?
I found that the user needs the nx-repository-view-*-*-browse privilege as well. But that is still not enough to allow a package to be uploaded.
When trying from the command line I get:
+ dotnet nuget push --api-key **** --source https://<URI>/repository/nuget-hosted/ <package>-<version>.nupkg
info : Pushing <package>-<version>.nupkg to 'https://<URI>/repository/nuget-hosted/'...
info : PUT https://<URI>/repository/nuget-hosted/
info : Forbidden https://<URI>/repository/nuget-hosted/ 148ms
error: Response status code does not indicate success: 403 (Forbidden).
When trying from the Web UI I get:
Not authorized for requested path '<package.name>/<version>'
Another surprise was that the user needs the nx-apikey-all privilege to generate/use an API key.
A detailed overview and/or more detailed documentation in the list of privileges would be most useful!
After testing some more I found that the only privilege required to upload to a repository is
nx-component-upload permission appears to be required for uploading via the Web UI, not for uploading via the API.
When using an APIKEY the privilege nx-apikey-all is required as well.
Hope this helps someone.
@Sonatype: please provide better documentation/descriptions of the privileges!
It should be in the help docs already - Privileges
Note browse is a privilege related to accessing the UI so shouldn’t really be needed.
I read that page several times but that did not help me at all.
I actually tested some more and found that not only is the browse not needed, the add privilege isn’t needed to add content either…
I hope someone can elaborate the explanation on that page.
@mpiggott, that might be enough for someone who already knows how it works.
But for a new user this is IMHO not sufficient.