Overview

As part of JFrog Projects, you will encounter new terminology and concepts that apply to projects and are important to understand before you plan and start working with projects.

Please make sure you have read these topics before creating your first project:

Once you have planned your project structure, you can proceed to create your first project and learn more about Managing Projects.

Available JFrog subscription levels:
Self-Hosted/Cloud (SaaS)



Basic Projects Terminology

To help you get started with Projects, refer to these basic terms and concepts.

The following diagram describes the basic components within the project entity.

Project

A project is an organizational management entity in the JFrog Platform for hosting your resources (repositories, builds, Release Bundles, Pipelines, etc.) and associating users/groups as members with specific entitlements.

Assigned/Unassigned Resources

The JFrog Platform differentiates between assigned and unassigned resources in the scope of projects. When upgrading to the Platform with Projects, all the resources are set as 'Unassigned' as they have not yet been assigned to any project. To support assigning multiple resources to projects, you can assign projects to resources from the unassigned tab.

Project Key

A unique key that helps you identify and group your projects. For example, add a key that identifies the location of the project (the US Site) or the type of team (the Developer Team).

Project Members

Users or groups that are assigned a role in a project become a Project Member and are listed in the Members list for the project.

Resources

Resources are entities within the JFrog Platform, including repositories, builds, and Pipelines. A set of product-specific actions is available if the product is installed on your system.

Environments on the Project 

An Environment aggregates project resources (repository, Pipeline source, etc.) for simplified management; resources are associated with the DEV (Development) environment, the PROD (Production) environment, or both. Every resource must be assigned to at least one environment, and each resource is initially created in the DEV environment. You can assign a set of actions to the project members on each of the environments, providing you with an additional layer of role-based access granularity.

Role-Based Access Control (RBAC) and Actions

JFrog Platform users and groups can perform a set of actions in projects using a set of dedicated project-related RBAC roles including Global and project roles. 

Project Personas

A set of dedicated project personas is set on the project level, comprising Global roles and Project roles. The main built-in role is the Project Admin role. By default, all Platform Administrators are automatically granted the Project Admin role. For more information, see Project Roles and Members Concepts.

Xray Terminology and Concepts in Projects

Global Policy

A Policy that can be used in a Global Watch or a Project Watch when you have a set of rules that apply to more than one project or to all projects in your organization. A Platform Admin, a Security Manager, and a user with Manage Policies permissions can create Global Policies.

Global Watch 

A Watch that can be applied on resources in any project or on unassigned resources that are not specific to a project. A Platform Admin, a Security Manager, and a user with Manage Watches permissions can create Global Watches. Starting from Xray 3.27.2, you can apply a Global Watch on a Project resource. For more information, see Global Watches.

Create a Global Watch and Global Policy in the context of All:


Global Watch Violations

Violations created by a Global Watch are not project specific, and will appear in the list of violations where the scanned resource resides, in any project. A user cannot ignore a violation from a Global Watch; only a Security Manager with the Ignore Global Watch Violations privilege can create a Global Ignore Rule.

Global Watches can only contain Global Policies.

Global Report 

A report that can be defined on all resources regardless of a project. A Platform Admin, a Security Manager, and a user with Manage Reports permissions can create Global Reports. Starting from Xray 3.27.2, you can create a Global Report on the Project scope. For more information, see Global Xray Reports.

Project Policy 

A Policy that is created and used in the scope of a specific project. A Platform Admin, a Project Admin, a Security Manager, and a user with Manage Policies permissions can create project level Policies. 

Project Watch

A Watch that is created and used in the scope of a specific project. A Platform Admin, a Project Admin, a Security Manager, and a user with Manage Watches permissions can create project level Watches.

Create a Project Policy and Project Watch in the context of the project you are in


Project Watch Violations

Violations created by a Project Watch are applicable to that specific project and will appear in the list of violations for a user within that project. Other users who are not members of the project will not see these violations. A user with Manage Watches permissions, a Platform Admin, a Project Admin, and a Security Manager can ignore a violation from a Project Watch. 

Project Report

A report that can be defined on resources in a specific project. A Platform Admin, a Project Admin, a Security Manager, and a user with Manage Reports permissions can create project level Reports.


Project Roles and Members Concepts

Projects is based on the JFrog RBAC (Role-based Access Control) mechanism that simplifies the notion of permission targets. Three main categories of roles are supported: Platform, Global, and Project roles. These roles enable users that have been assigned to these roles to perform a set of predefined actions associated with the role on all of the resources in the project. 

The following Admin roles can manage projects and assign roles to project members and allocate resources:

  • Platform Admins are users that are set with the 'Administer the Platform' role and are referred to as Platform Admins in the scope of projects. 

  • Project Admins are assigned by the Platform Admins to perform project-related admin tasks. To gain more flexibility, Project Admins can assign roles to different environments within a project. Each project comes with these predefined environments: DEV (Development) and PROD (Production). Resources in the JFrog Platform that are associated with Environment and Role Actions define the different access rights to the resources within each of the environments.


Roles replace permission targets, which are only available when upgrading from a previous version to the JFrog Platform supporting projects.

Global and Project Role Types

Global and Project roles allow Platform users and groups assigned with these roles to perform a full array of actions on their projects. A user or group becomes a project Member after they have been assigned at least one Global or Project role within a selected project. The roles are intended to manage the access rights of users or groups according to their role definition. The roles can include: Project Admin, Developer, Contributor, Release Manager, etc. The additional breakdown into Project roles provides flexibility when assigning different roles to the same user across the different projects. Project roles are more specific and represent access rights relevant to the specific project. 

Global role-related procedures apply to all projects, whereas Project roles are project-specific and comprise Global and Project roles. Global roles are assigned by the Platform Admin, whereas Project roles are defined by a Project Admin role. Global roles cannot be renamed or deleted; however, the actions assigned to each role can be customized.

A project runs in either a DEV (Development) or PROD (Production) environment, or both. You can assign a set of roles to project members on each of the environments, providing you with an additional layer of role-based access granularity.

Project Supported Actions by Role Types

Roles are cumulative, and are associated with a set of actions that allow users to have multiple roles within the predefined Platform hierarchy: Platform Administrators have the 'Administer the Platform' role and have full control over the entire platform including projects, while Project roles apply to specific projects or multiple projects. For example, a user can be a Project Admin for Project A and be assigned a Contributor role in Project B. Where roles at different levels clash, for example a Global role and a project level role, the project level role takes precedence.

Roles can be assigned two main types of actions:

  • CRUD Actions: A set of predefined CRUD Actions that can be applied at the Global role and Project role levels to each of the resources, including Read Artifacts, Write Artifacts, Delete Artifacts, and Delete Builds.

  • Product-based Actions: A set of product-specific actions is available if the product is installed on your system.

    For example, if you have installed: 

    • JFrog Xray: The Trigger security scans action is supported

    • JFrog Distribution: The Distribute Release Bundle action is supported

    • JFrog Pipelines: The Trigger Pipeline and Manage Pipelines actions are supported
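The cumulative roles and per-environment scoping described above can be checked mechanically during an access review. The following is an added example, not JFrog code: the role definitions, memberships, project key `usdev` and the `SENSITIVE_IN_PROD` review policy are constructed, the data layout is an assumption rather than a JFrog API format, and the Global-versus-Project precedence rule is not modelled.

```python
# Simplified model: each role carries its own environments and actions;
# a member's effective actions are the union over all of their roles.

# Constructed role definitions: name -> (environments, actions).
# Action and role names are taken from this page; the values are samples.
ROLES = {
    "Developer": ({"DEV"}, {"Read Artifacts", "Write Artifacts", "Delete Artifacts"}),
    "Viewer": ({"DEV", "PROD"}, {"Read Artifacts"}),
    "Release Manager": ({"PROD"}, {"Read Artifacts", "Distribute Release Bundle"}),
    "Automation Engineer": ({"DEV", "PROD"},
                            {"Read Artifacts", "Write Artifacts",
                             "Delete Builds", "Trigger Pipelines"}),
}

# Constructed memberships: (project key, member) -> assigned roles.
MEMBERS = {
    ("usdev", "alice"): ["Developer", "Viewer"],
    ("usdev", "bob"): ["Developer", "Release Manager"],
    ("usdev", "ci-bot"): ["Automation Engineer"],
}

# Review policy (an assumption): actions that deserve a second look in PROD.
SENSITIVE_IN_PROD = {"Write Artifacts", "Delete Artifacts",
                     "Delete Builds", "Ignore Global Violations"}


def effective_actions(role_names, roles=ROLES):
    """Union of actions per environment across all of a member's roles."""
    effective = {"DEV": set(), "PROD": set()}
    for name in role_names:
        environments, actions = roles[name]
        for env in environments:
            effective[env] |= actions
    return effective


def audit(members=MEMBERS, roles=ROLES):
    """Return (project, member, sensitive PROD actions) for each finding."""
    findings = []
    for (project, member), role_names in sorted(members.items()):
        prod = effective_actions(role_names, roles)["PROD"]
        risky = sorted(prod & SENSITIVE_IN_PROD)
        if risky:
            findings.append((project, member, risky))
    return findings


if __name__ == "__main__":
    for project, member, risky in audit():
        print(f"{project}: {member} holds {', '.join(risky)} in PROD")
```

In this model alice and bob hold write and delete actions only in DEV, because the role that grants them is scoped to DEV, while ci-bot is flagged because its single role applies the same actions to both environments.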

The following section lists the different roles and their associated actions.

Administer the Platform Role (Platform Admin)

This role is set at the User and Group level. By default, Platform Administrators are considered 'Project Admins' and have full admin permissions on all the projects. They can view and manage the projects from the main projects dashboard and assign Project Admins to perform admin tasks.

  • Create projects and delegate administrative rights for those projects. Set quotas for projects, allowing groups to own multiple projects while still having the option to set quotas for individual projects.

  • View the Projects dashboard

  • Set actions on Global roles

  • Assign Project Admins to Platform Users and Groups.

  • Grant Project Admins 'Manage Resources' and 'Manage Members' privileges.

  • Grant Project Admins Xray security privileges, such as 'Index Resources', 'Manage Security Assets', and 'Ignore Global Violations'.
  • Create Global and Project Policies, Watches and Reports.
  • Ignore Global Watch Violations.
  • Set storage quotas on projects

  • Perform CRUD operations on projects

  • Define CRUD operations across projects including moving, copying and deleting projects. 

  • Reassign repositories from one project to another.

  • Create new resources (Repositories, Builds, and Pipelines, etc.)

Global Roles

Global roles are predefined high-level Project roles that allow project Members assigned with the role to perform a set of actions on all of the projects. The Platform Admin defines the scope of the role by enabling the actions supported for each role and sets the environments, DEV (Development) or PROD (Production), in which the Global role will apply. The predefined global roles are:

  • Project Admin

  • Developer

  • Contributor

  • Viewer

  • Release Manager

  • Security Manager

The Global roles contain a set of actions that can be performed on resources within the projects including CRUD actions and product specific actions. 

Read Artifacts

Download artifacts and read the metadata.

Write Artifacts

Upload artifacts

Delete Artifacts

Delete or overwrite artifacts.

Delete Builds

Delete or overwrite artifacts.

Distribute Release Bundle

Requires an Enterprise+ license.

Distribute Release Bundles according to their destination permissions

Trigger Pipelines

Manually trigger execution of steps

Manage Pipelines

Create and edit pipeline sources

Trigger Security scan

Trigger Xray security scans on indexed resources

Manage Xray Data

Trigger Xray scans on builds. Create and delete custom issues and licenses.

Manage Reports

Manage, delete and modify Xray reports.

Manage Watches and Policies

Manage, delete and modify Xray Watches and Policies.

Ignore Global Violations

Ignore violations that are created by a Global Watch and are not project specific.

Project Admin Role

The Project Admin is a Global role and is equivalent to the Platform Admin role at the project level. 

  • Add and remove members in projects and across projects

  • Add resources to the project including: Repositories, Builds, and Pipelines sources.

  • Manually select resources to be indexed and scanned by Xray, if given the Index Resources privilege. 
  • Create and manage project level Policies, Watches, and Reports, if given the Security Manager role. 
  • Ignore Global Watch Violations if given the privilege.
  • Can onboard project Members (add/remove users/groups to roles)

  • Allow creating Ignore Rules on Security Violations

Project Roles

The Project Admin can assign a set of project-specific actions to Project roles, for example:

  • Automation Engineer

  • Contributor

  • Annotator

You can assign Basic or Advanced actions to your Project role.

Moving back from Advanced to Basic settings will delete your Advanced settings.

  • Basic Actions
    A set of actions that are performed on resources within the projects, including CRUD actions and product-specific actions. The actions associated with the basic Project roles are identical to Global Project actions.

    Read Artifacts

    Download artifacts and read the metadata.

    Write Artifacts

    Upload artifacts

    Delete Artifacts

    Delete or overwrite artifacts.

    Delete Builds

    Delete or overwrite artifacts.

    Distribute Release Bundle

    Requires an Enterprise+ license.

    Distribute Release Bundles according to their destination permissions

    Trigger Pipelines

    Manually trigger execution of steps

    Trigger Security scan

    Triggers Xray security scans on indexed resources

  • Advanced Project Actions
    To gain an additional level of granularity on the resource level, you can assign advanced settings to repository and build resources.

    REPOSITORY

    Read

    Download artifacts and read the metadata.

    Annotate

    Annotate artifacts and folders with metadata and properties.

    Deploy/Cache

    Deploy artifacts and deploy to remote repository caches.

    Delete/Overwrite

    Delete or overwrite artifacts.

    Manage Xray Metadata

    Trigger Xray scans on artifacts in repositories. Members can create and delete custom issues and licenses.

    RELEASE BUNDLES

    Read

    View and download Release Bundle artifacts from the relevant Release Bundle repository and read the corresponding Release Bundles in the Distribution page

    Annotate

    Annotate Release Bundle artifacts and folder with metadata and properties

    Create

    Create Release Bundles

    Delete

    Delete Release Bundles

    Distribute

    Create Release Bundles

    Manage Xray Metadata

    Trigger Xray scans on Release Bundles. Create and delete custom issues and licenses.

    BUILD

    Read

    View and download build info artifacts from the artifactory-build-info default repository and read the corresponding build in the Builds page.

    Deploy

    Allows uploading and promoting build info artifacts

    Annotate

    Annotate build-info artifacts and folders with metadata and properties.

    Delete

    Delete build-info artifacts

    Manage Xray Data

    Trigger Xray scans on builds. Create and delete custom issues and licenses.

    PIPELINES

    Read

    View the available Pipeline sources

    Trigger

    Manually trigger execution of steps



What's Next

Start by planning your project structure in the organization, including the Global and Project roles. For more information, see Managing Project Roles and Members.
You can then proceed to create your first project.