[RTFACT-15361] Admin Groups are broken when authenticating with an API Key Created: 29/Nov/17  Updated: 08/Dec/17  Resolved: 06/Dec/17

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Security
Affects Version/s: 5.6.2
Fix Version/s: 5.7.0

Type: Bug Priority: Critical
Reporter: Uriah Levy Assignee: Nadav Yogev
Resolution: Fixed Votes: 0
Labels: None


Admin privilliges granted by an Admin group (when the user itself is not a direct admin) no longer work when the API Key is used to authenticate.

To reproduce:

1.Create some user
2.Create a group and mark it as an Admin group (add the user into that group)
3.Try some admin-only action using the API Key (either with basic auth or the api key header) :
curl -XGET -u uriahl:AKCp5ZjzFrAR7dWgTbYMVBUSKnXrkoggs9vuSkcpmrd1T6db6WebT7RivLEiCeYoahVuea7Fc "http://localhost:8081/artifactory/api/system/configuration"

You'll get a 403.

Generated at Tue Sep 22 19:10:36 UTC 2020 using Jira 8.5.3#805003-sha1:b4933e02eaff29a49114274fe59e1f99d9d963d7.