How to setup privileges for content selectors

Sonatype Nexus Repository
1

We have been running 2 instances of Nexus (Nexus 2 & Nexus 3) and are preparing a new Nexus where both should be consolidated. I am currently trying to setup our content selectors, but I feel both the documentation (Privileges) and the UI itself are incorrect.

I have created a content selector that handles 2 formats: docker and maven. Now I would like to add a privilege for that, but it doesn’t accept multiple formats, even though the UI says ‘The format(s) for the repository’. The documentation doesn’t even mention the possibility to choose format(s).

Similar for the repository: the UI only offers me single repos or all, the documentation says ‘Repository: Use this dropdown to select from either a range of all repository contents, all repository contents of an individual format, or repositories created by you.

Seeing how we have some other formats as well, how would I setup a privilege that only acts on docker and maven? Do I need to setup multiple privileges? Do I need to add group repos just to get this working?

2

Hi Roland,

  • Content Selectors: You can create a content selector that matches multiple formats (e.g., using format == "docker" or format == "maven2" in your CSEL expression). This selector can be used to define what content is accessible, but the privilege that uses this selector must still be created per format/repository combination.

  • Privileges: When creating a “Repository Content Selector” privilege, you must select a single format and a single repository, or use * for all repositories. There is no option to select multiple specific formats or repositories in a single privilege. The REST API schema and UI both enforce this limitation, despite the ambiguous UI text about “format(s)” and “repository contents” Privileges, REST API.

  • Multiple Privileges Required: To grant access to both Docker and Maven content, you must create separate privileges for each format (and for each repository, if you want to be more granular). Assign both privileges to the relevant role(s).