Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-22620

Users can see repositories name that are aggregated to a virtual repository when they don't have permissions to that repositories.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: 4 - Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: UI, Virtual Repositories
    • Labels:
      None
    • Severity:
      Medium

      Description

      If a user has permission to one of the repositories that are aggregated to a virtual repository he will be able to see repositories that he does not have permission to under the "Included Repositories" section under the General details of the virtual repository in Artifactory UI.

      Steps to reproduce:

      1. Creat 3  local repositories: For example Repo-a, Repo-b and Global.
      2. Create a Virtual Repository that aggregates Repo-a and Global.
      3. Create a user and grant him permissions only for Repo-b and Global.
      4. Log in with that user and you will be able to see Repo-a name in The "included Repositories" under General details of the virtual repository.

       

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            hanank Hanan Kemelman
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Sync Status

                Connection: RTFACT Sync
                RTMID-22620 -
                SYNCHRONIZED
                • Last Sync Date: