Permissions by Tag

we are currently evaluating nexus pro and the question we asked ourselves was wether is it possible to grant repository permissions by a tag.

Use case is that we have projects containing many (100+) repositories. Managing permissions there on repository level is quite challenging.


Afraid not.

As a general rule, you should be cautious about assigning users many fine grained permissions. While it shouldn’t have a meaningful impact on a request for a file, it can have implications for search & browse where a single request may result in evaluating each permission for a large number of components.

Agree, but you have literally just two options: grant a user access to a single repository or to all repository (of a type). Theres nothing in between.
If you have to fulfil security requirements like in ISO27001 you have to limit users access on project level. So the only option remaining is permission by repository. You have minimum 2 repositories by project (snapshot, release) by repo type… do the math.
Other repository managers address this by adding an abstraction layer for projects. Pity that nexus does not have such a thing…

Hi Christian,
You might want to look at using Content Selectors to limit access based on asset path. For example if your project is using Maven repository and its groupId is com.example.project then you can create a content selector with format = 'maven' and path ^= "/com/example/project".