Permission without ability to modify policies and apply waivers

We are using a custom user “clmscan” with custom role with "IQ Elements"permission to manage organization, application, and perform application scans and nexus repos scanning.

The “IQ Elements” permission allows user “clmscan” to alter policy configuration and create/apply waiver without additional authorization .

We need fine-grained permission to manage organization, application, perform scans and repos scanning and deny access to modify policies and apply waivers.

Hi Jitendra,

As of release 83 (release notes) there is now finer-grained permissions to apply Policy Waivers, Change Component License and Change Component Security Vulnerabilities.
After you have upgraded to release 83, all current roles (clmscan in your case) that have the ‘Edit IQ Elements’ permission are automatically assigned these new additional permissions to keep backward compatibility. It will be up to the administrator of the Nexus IQ Server to alter permissions to suit.

See https://help.sonatype.com/nxiqmaster/managing/user-management/role-management for further details. If this does not accomplish your needs then please feel free to respond and we can discuss further.

Regards,

Mark

Hello Mark,

I installed nexus iq release 83 and disabled following access for my custom role. I logged in to nexus iq using user with custom role and I’m able to modify organizational
policies configuration.

I want to a setting to include or exclude access to organizational policies.

CanCannot : Waive
à Policy Violations

CanCannot: Change
à Licenses

CanCannot: Change
à Security Vulnerabilities

New change blocks policy, license or security violation change at component level, as expected.

Thanks,

Jitendra