Can someone please help me understand how to use groups within
artifactory. Should I wait until 2.1 when individual repository
security is introduced?
It looks like today that in order for a user to upload/deploy from maven
to an artifact repository they need to be an admin. Once they are an
admin they can distribute to any repository they please (very scary to
me). I created some groups and tried to add some users but it did not
seem to have any effect. One suggestion I have would be to change the
interface for adding user's to groups as with many users it is really
hard to see who is in the group and who is not.
Thanks again for a great offering as this has been so much more stable
and performant than our installation of Archiva.
Is there a description anywhere of the security that is coming in the
next release of Artifactory when we will have repository based security?
Scott D. Ryan
Senior Java Developer/Architect
- - - - - - - - - - - - - - - - - - - - - - - - - -
This message is intended only for the personal and confidential use of the designated recipient(s) named. If you are not the intended recipient of this message, you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Aurora Loan Services. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.
Thanks for the feedbacks, sorry for the confusion,
and I will try to explain the requirements that Artifactory security is solving.
First, the deployment through the web interface has a limitation that we just solved http://www.jfrog.org/jira/browse/RTFACT-66 that forces users to be admin.
Anyway, the security access is to protect maven deployment using the standard maven-deploy-plugin activated during mvn deploy.
In our customers, each departements is using a different base maven groupId (com.company.department.project.XXX), so we made the resource name of the access control the group.
That's what is confusing: Groups are not group of users but groupId prefix in maven terms.
So when we create group the name is: com.company.departement, and for this group we declare: Readers, Deployers, and Administrators. This is today global for ALL Artifactory repositories.
The per repository security ( http://www.jfrog.org/jira/browse/RTFACT-64) was covered in our environment since for maven plugins we have usually com.company.build.XXX as maven groupId.
We understood now the need for per local repo security and we are working on it for next release ( 1.2.1).
For the user interface issue, we plan more on declaring LDAP or standard group (this time standard security group of users ;-) in Artifactory DB, and so doing the maven groupId to group of users association in the current UI.
When writing it, I can really understand the confusion. Futhermore, there is also another group terminology coming which is access group (http://www.jfrog.org/jira/browse/RTFACT-56 ) that will represent the association between the root URL name and a ordered group of internal repositories.
So, we have 3 completely different concepts called group. We are open to better naming suggestions!
Hope it helps,
On 3/16/07, Ryan, Scott D <[hidden email]> wrote:
|Free forum by Nabble||Edit this page|