Using the latest version?
JFrog Platform User Guide
JFrog Artifactory 6.x Documentation
To get the latest version, go to the JFrog Unified Platform
Overview
You can manage access to repositories by defining users, assigning them to groups and setting up roles and permissions which can be applied to both users and groups.
Creating and Editing Users
To manage users who can access repositories in your system, in the Admin module, select Security | Users.
Page Contents
Create a new user by clicking New at the top of the users table.
Only administrators can create users
To create users you must be an administrator (unless you are using external authentication such as LDAP)
In the New User (or Edit User) dialog you can set the User Name, Email Address and Password for the user as well as the following parameters:
Admin | When set, this user is an administrator with all the ensuing privileges. For more details please refer to Administrator Users. |
Disable UI Access | When set, this user can only access Artifactory through the REST API. |
Can Update Profile | When set, this user can update their profile details (except for the password. Only an administrator can update the password). There may be cases in which you want to leave this unset to prevent users from updating their profile. For example, a departmental user with a single password shared between all department members. |
Disable Internal Password | When set, disables the fallback of using an internal password when external authentication (such as LDAP) is enabled. |
Artifactory stores passwords as hashes or encrypted hashes.
If the user has generated an API key, you can revoke it from the Actions menu.
Administrator Users
An administrator user is to Artifactory as a "root" is to UNIX systems. Administrators are not subject to any security restrictions, and we therefore recommend to create a minimum number of administrators in your system.
You can control which permission-targets administrators have access to thereby assigning responsibility for a specific repository path. For details please refer to Managing Permissions.
The Default Admin Account
The default user name and password for the built-in administrator user are: admin/password.
You should change the password after first log in. If you forget the admin account password, you can recover it. Please refer to Recreating the Default Admin User.
The Anonymous User
Artifactory supports the concept of anonymous users and installs with a pre-defined anonymous user to which you can assign permissions just like for any other user.
Anonymous access can be controlled under Security General Configuration. Set Allow Anonymous Access to activate the anonymous user. The anonymous user must be activated before you can fine tune its permissions.
When anonymous access is activated, anonymous requests can download cached artifacts and populate caches, regardless of other permissions defined.
Creating and Editing Groups
A group represents a role in Artifactory and is used with RBAC (Role-Based Access Control) rules.
To manage groups, in the Admin module select Security | Groups.
Create a new group by clicking New at the top of the groups table.
You must assign a unique name to each group and can add an optional description
Default Groups
When creating (or editing) a group you can set Automatically Join New Users to this Group.
When this parameter is set, any new users defined in the system are automatically assigned to this group.
This is particularly useful if users are defined automatically and you want them to be assigned to certain groups. For example, when using external authentication such as LDAP, users are automatically created on successful login and you can use this parameter to assign these users to particular groups by default.
Admin Privileges for a Group
If Admin Privileges is set, any users added to this group will automatically be assigned with admin privileges in the system.
For reasons of security when Admin Privileges is set, Automatically Join New Users to this Group is disabled so that new users are not automatically provided with admin privileges.
User Management
There are two ways to manage users' assignment to groups:
Setting permissions
In both cases, you can assign corresponding permissions to the user or group respectively on the same screen. For more details please refer to Managing Permissions.
Setting Groups for a User
You can assign and remove a user from groups when the user is created or by editing user's details later.
In the Admin module, under Security | Users, from the list of users, select the user you wish to assign to or remove from groups.
In the Related Groups section of the form, you can set which groups the user should be assigned to.
Setting Users for a Group
You can assign and remove a user from a group by editing the group's details.
In the Admin module, under Security | Groups, from the list of groups, select the group you wish to modify.
In the Users section of the form, you can set which users should be assigned to the group.
Recreating the Default Admin User
If you are unable to obtain administrator access, you will need to recreate the default administrator user in order to be able to manage users of your system. This is done by using the following REST API call on the Access service, through Artifactory as its proxy as follows:
curl -uaccess-admin:password -XPATCH <server:port>/artifactory/api/access/api/v1/users/admin -H "Content-Type: application/json" -d '{"password":"NewPassword"}'
Note that this requires the admin password for the access service (-uaccess-admin:password).
If you don't know the Access service's admin password, you can reset it using the Access service's bootstrap.creds file by following the instructions under Preparing the Credentials File in the JFrog Access User Guide while populating it with:
access-admin@localhost=<new-password> or access-admin@127.0.0.1=<new-password>
If the admin user has been deleted from Artifactory, the default admin user cannot be recreated through the above procedure. Instead, recreate the admin user through the following REST API call:
curl -uaccess-admin -XPOST http://localhost:8081/artifactory/api/access/api/v1/users -H "Content-Type: application/json" -d '{"username":"NewAdmin","password":"NewPassword","custom_data" : {"artifactory_admin" : {"value" : "true"}}}'
Disabling Remember Me at Login
The Artifactory login screen includes a Remember Me checkbox. If the user sets this checkbox when logging in, Artifactory will store a cookie in the browser for a period of 7 days allowing the user to be logged in automatically when starting up Artifactory.
Once the cookie expires, the user will have to log in again.
An Artifactory administrator can disable this feature and force all users to enter their credentials at every login. To do so simply add the following property to $ARTIFACTORY_HOME/etc/artifactory.system.properties and restart Artifactory:
artifactory.security.disableRememberMe=true
Overview
Content Tools