[RTFACT-16114] Artifactory Admin rights not persistent Created: 14/Mar/18  Updated: 25/Mar/19

Status: Open
Project: Artifactory Binary Repository
Component/s: Web UI
Affects Version/s: 5.3.1, 6.3.3
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Dominic Simpson Assignee: Unassigned
Resolution: Unresolved Votes: 3
Labels: artifactory
Environment:

Linux Centos 7 , test environment



 Description   

Hi,

I have issues with artifactory when providing admin rights to users
my observations are

1. When i give users admin access via the group method ie giving the group admin priviledges these users seem to assume admin rights as a one-time, one off login with admin module(tab) enabled Ok

.However when the user logs out and logs back into the artifactory UI they lose their admin rights ie when they hover their mouse over the admin tab.It shows a red circle (meaning admin access not available or disabled) basically looks like they have been stripped of the admin rights after one time login

2.In the UI under the admin => groups => Edit groups the user that was once on the right pane side of the "users" section box pane ..seem to automatically move back to the left side pane indicating that they have reverted back to ordinary non-admin user.

I my case i have added these user groups via AD and imported the groups(s) externally from AD.

3.I find that when i create a group locally(and not an AD imported/mapped group) and give that group admin rights then any internal or external(Active directory) users that i add to that group can remains consistently adn persistently an admin user with the admin tab rightly enabled forever regardless of how many times they log in and out of the UI

Is this a bug or a user config error on my part .

We are running 5.3.1 on Centos 7. Most users that have this issue are normal AD imported users (external) who are assigned to the AD imported artifactory admin groups but the admin rights dont persist ie they lose it upon login in once .

Also could you kindly send me the right syntax to create a group locally(not from UI) i am a bit new to artifactory but this is a sample format for creating AD groups using the ldap realm ..what is the syntax equivalent for internal or local

I guess my question is what will the realm and** realmattributes** be for a locally created admin
This is a redacted json code used to create the external users I have changed the realm from ldap to XXX and realmattributes i dont know what it should be for a local user
{
"name": "artifactory_local_admin",
"description" : "A locally created group with admin access",
"autoJoin" : "false",
"adminPrivileges" : "true",
"realm": "XXXXX",
"realmAttributes": "XXXXX" }}{{ key "XXXXXXXXXx" }}"



 Comments   
Comment by Dominic Simpson [ 14/Mar/18 ]

I forgot to add ..the main problem i am aiming to solve is that
1.AD imported users into artifactory seem to lose their admin rights somehow
2.I imported AD artifactory admin group but AD imported users who are in the right artficatory admin groups seem to have the artifactory admin tab (module) disable despite being in the right admin group

Comment by Patrice GODARD [ 06/Sep/18 ]

Hi,

I have the same issue with our AD users.

This happens very often.

I've voted for this issue.

Comment by Sandor Juhasz [ 27/Feb/19 ]

since version 6.8.3 on ldap admin permissions fail if added via group
worked on version 6.5.3

Comment by Louis Simon St-Laurent [ 25/Mar/19 ]

Hi,

We have the same problem (admin rights & AD users). Is there a fix planned?

Generated at Tue Sep 22 19:02:26 UTC 2020 using Jira 8.5.3#805003-sha1:b4933e02eaff29a49114274fe59e1f99d9d963d7.