I am currently busy with the configuration of the security of my new NXRM3.
And i have a little problem with the privileges.
I own 3 roles: user, builder and deployer.
Here is the usage made of each of these roles:
user : can read to all repositories and it can also add new items in the “proxy” repositories and finally it can not add new item to the “hosted” repositories (like Maven release and Maven snasphot)
deployer: is used by a Jenkins user and is the only one role allowed to add items to “hosted” repositories (like Maven release and Amven snasphot). It has no other permision than the creation of new tiems in “hosted” repositories. I think that the privileges for this role are correct because Maven build currently failed if the build needs to downaload some new depenpendencies from internet (the build on Jenkins will be odne by the user with “builder” role.
builder: THis role is a little bit like user but it can not add new item to the “proxy” repositories.
Can you tell me how must i configure the privileges for the “user” and “builder” roles ? Because currently, the builder is allowed the add item to the “proxy” repositories which is not what i want.
I’m guessing that you might have used the nx-repository-view-maven2-*-xxx privileges?
If that’s the case then the only way I know of having the two different users having mutual exclusive permissions would be to add each individual repositories privileges (e.g. nx-repository-view-maven2-maven-central-xxx) to the users for the repositories that match what you are wanting to do (e.g. giving the deployer user add permissions to the hosted set of repositories but not for the proxy ones).
My problem is not with the “deployer” role but with the “builder” role for wich i want only read access to the proxy repositories but that must never add new item to those "proxyé repositories.
Any idea on how to do that (i have not give the privilege nx-repository-view-maven2-maven-*-add to the role but the deployer continue to add items to proxy repositories.
Unfortunately if you don’t have *-add added to that role and its still letting proxy adds to work then I’m not sure of anything else that would help.
If you’re a commercial customer I’d suggest raising a support ticket to work through your use-case else hopefully one of the Sonatype team might be able to guide you.