Create a new user by clicking New at the top of the users table.
In the New User (or Edit User) dialog you can set the User Name, Email Address and Password for the user as well as the following parameters:
ROLES | |
Administer Platform | When enabled, this user is an administrator with all the ensuing privileges. For more details please refer to Administrator Users. |
Manage Resources | When enabled, this user can manage resources including create, edit, and delete permissions on any resource type including Pipeline resources (Integration, Source, and Node Pools). |
Manage Policies | When enabled, this user can set Xray security and compliance policies. |
Manage Watches | When enabled, this user can add, edit, and delete Xray Watches. |
Manage Reports | When enabled, this user can create, generate, and manage Xray Reports. |
OPTIONS | |
Can Update Profile | When enabled, this user can update his profile details (except for the password. Only an administrator can update the password). There may be cases in which you want to leave this unset to prevent users from updating their profile. For example, a departmental user with a single password shared between all department members. |
Disable UI Access | When enabled, this user can only access the system through the REST API. |
Disable Internal Password | When enabled, disables the fallback mechanism for using an internal password when external authentication (such as LDAP) is enabled. |
If you are unable to obtain administrator access, you will need to recreate a default administrator user in order to be able to manage users of your system. This can be done using the Access bootstrap.creds
:
Create a file called bootstrap.creds
under JFROG_HOME/artifactory/var/etc/access
In case you are running an Artifactory HA cluster, make sure to do the changes on the primary node. After the last step, perform a rolling restart to the cluster (restart each node starting from the primary node). |
Populate the file with the following content:
<admin user name>@*=<your new password> |
Note: You can create the file with multiple lines to create multiple Administrators, for example:
admin1@*=password1 admin2@*=password2 |
Make sure the file has relevant permissions:
$ chmod 600 bootstrap.creds |
The permission assigned must be exactly 600. Neither a more permissive, nor a more restrictive permission setting will work |
The login screen includes a Remember Me checkbox. If the user sets this checkbox when logging in, the system will store a cookie in the browser for a period of 7 days allowing the user to be logged in automatically when starting up the system.
Once the cookie expires, the user will have to log in again.
An administrator can disable this feature and force all users to enter their credentials at every login. To do so simply add the following property to $JFROG_HOME/artifactory/var/etc/artifactory.system.properties
and restart the system:
artifactory.security.disableRememberMe=true |
A group represents a role in the system and is assigned a set of permissions.
A group represents a role and is used with RBAC (Role-Based Access Control) rules.
To manage groups, in the Administration module select Identity and Access | Groups.
Create a new group by clicking New at the top of the groups table.
Assign a unique name to each group with an optional description.
There are two ways to manage users' assignment to groups:
In both cases, you can assign corresponding permissions to the user or group respectively on the same screen. For more details please refer to Managing Permissions |
You can assign and remove a user from groups when the user is created or by editing user's details later.
In the Administration module, under Identity and Access | Users, from the list of users, select the user you wish to assign to or remove from the group.
In the Related Groups section of the form, you can set which groups the user should be assigned to.
You can assign and remove a user from a group by editing the group's details.
In the Administration module, under Identity and Access | Groups, from the list of groups, select the group you wish to modify.
In the Users section of the form, you can set which users should be assigned to the group.
When creating (or editing) a group you can set Automatically Join New Users to this Group.
When this parameter is set, any new users defined in the system are automatically assigned to this group.
This is particularly useful if users are defined automatically and you want them to be assigned to certain groups. For example, when using external authentication such as LDAP, users are automatically created on successful login and you can use this parameter to assign these users to particular groups by default.
If Admin Privileges is set, any users added to this group will automatically be assigned with admin privileges in the system.
For reasons of security when Admin Privileges is set, Automatically Join New Users to this Group is disabled so that new users are not automatically provided with admin privileges.