Skip to end of metadata
Go to start of metadata
Table of Contents

Overview

Artifactory allows you to control access to repositories via Permission Targets.

A permission target is comprised of a set of physical repositories (i.e. local or remote repositories - but not virtual ones), and a set of users or groups with a corresponding set of permissions defining how they can access the specified repositories. Include and Exclude patterns give you finer control over access to a specific set of artifacts within the repositories of the permission target.

For example, you can create a permission target that allows user "Builder" and group "Deployers" to read from and deploy artifacts to the libs-releases repository. Using the Include Pattern and Exclude Pattern settings you could implement finer control over specific artifacts within that repository if so desired.

To manage permissions, under the Admin tab go to Security | Permissions.

Managing Permissions

Page Contents


Creating a Permission Target

To create a Permission Target, in the Permissions Management page click "New" to display the New Permission Target dialog.

Creating a New Permission Target

Name

You must provide a unique name for each Permission Target.

Repositories

Select the repositories to which this Permission Target applies. You can use the Any Local Repository or Any Remote Repository check boxes as a convenience.

Include and Exclude Patterns

Using an "Ant-like" script, you can specify any number of Include or Exclude Patterns as a comma-separated list in the corresponding entry field. Alternatively, you can select one of the common predefined patterns in the corresponding drop-list. Selecting None from the drop list clears the corresponding entry field. 

In the example above, source files have been excluded from the Permission Target named "Not sources" using the appropriate Exclude Pattern.

User and Group Permissions

Using the corresponding tabs, check the permissions you wish to grant each user and group defined in your system.

User Permissions

The available permissions are as follows:

Manage

Allows changing the permission settings for other users on this permission target

Delete

Allows deletion or overwriting of artifacts

Deploy

Allows deploying artifacts and deploying to caches (i.e. populating caches with remote artifacts)

Annotate

Allows annotating artifacts and folders with metadata and properties

Read

Allows reading and downloading of artifacts


Multiple Permissions

Permissions are additive and must be explicitly granted. If a checkbox is not set for a user, then that user does not have the corresponding permission.

Permission Target Managers

By assigning the Manage permission to a user, you may designate them as the "Permission Target Manager". These users may assign and modify permissions granted to other users and groups for this Permission Target. In the Artifactory UI these users have access to the specific users they are allowed to manage. This can be useful on a multi-team site since you can delegate the responsibility of managing specific repositories to different team members.

An anonymous user cannot be granted the Manage permission.

Preventing Overwriting Deployments

You can prevent a user or group from overwriting a deployed release or unique snapshot by not granting the Delete permission. Non-unique snapshots can always be overwritten (provided the Deploy permission is granted).


Examining Permissions

 You can examine permissions in the context of repositories or users.

By Repository

In the Artifacts tab select Tree Browser and then select the repository you wish to examine. 

Select the Effective Permissions tab to see the permissions granted to users or groups for this repository.

Examining Permissions by Repository

By User

For any user, you can view the list of Permission Targets that the user is associated with (whether directly or through membership in a group).

In the Admin tab select Security | Users. Hover over a user and select the "Permissions" button to view that user's permissions.

Examining Permissions by User

 

  • No labels