Need help on user/group setup

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Need help on user/group setup

Reinhard Nägele
I am still evaluating Artifactory and do like it, but I can't really figure out how security works. I set up several users and groups and assigned different permissions. Whatever I tried, any user I had set up only had browse and search functionality in the GUI. I would like to set up different users according to the available permissions (admins, deployers, viewers). How would I do that? We definitely need better documentation, especially in this area.
 
Thanks,
Reinhard
 
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Need help on user/group setup

Yoav Landman
Administrator
Security works the following way:

GROUPS
You can create groups, each group uses a groupId prefix as its name.
This prefix translates to a path prefix for artifacts in the
repositories, and is used to determine the effective permissions when
referring to a repository path.
For each group you can assign users to 3 types of roles:
(1) Deployers - can deploy/remove (undeploy) artifacts.
(2) Viewers - can download artifacts (simple browsing is still enabled
for anyone), unless a repository has the <anonDownloadsAllowed> flag
set to true (the default), then anybody can download regardless.
(3) Admins - currently unimplemented (will be used to allow management
of users within a group in the next version).

USERS
A defined user can either be a simple user or an admin which is
similar to a root user (has all 3 roles for any group).

We will add this to the docs.

HTH,

Yoav

On 3/13/07, Reinhard Nägele <[hidden email]> wrote:

>
>
> I am still evaluating Artifactory and do like it, but I can't really figure
> out how security works. I set up several users and groups and assigned
> different permissions. Whatever I tried, any user I had set up only had
> browse and search functionality in the GUI. I would like to set up different
> users according to the available permissions (admins, deployers, viewers).
> How would I do that? We definitely need better documentation, especially in
> this area.
>
> Thanks,
> Reinhard
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Artifactory-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Need help on user/group setup

Yoav Landman
Administrator
Just to make this clearer by example, if you need to deploy an
artifact with a groupId of "org.apache.maven" you will need to create
a group with any of the following names (prefixes):
org, org.apache or org.apache.maven
and assign a user as a deployer to this group.

For authenticating via Maven, this user will have to add the following
to his settings.xml:
<servers>
 <server>
   <id>repository-name-used-in-the-pom-to-refer-to-artifactory</id>
   <username>myUsername</username>
   <password>myPassword</password>
 </server>
</servers>

On 3/13/07, Yoav Landman <[hidden email]> wrote:

> Security works the following way:
>
> GROUPS
> You can create groups, each group uses a groupId prefix as its name.
> This prefix translates to a path prefix for artifacts in the
> repositories, and is used to determine the effective permissions when
> referring to a repository path.
> For each group you can assign users to 3 types of roles:
> (1) Deployers - can deploy/remove (undeploy) artifacts.
> (2) Viewers - can download artifacts (simple browsing is still enabled
> for anyone), unless a repository has the <anonDownloadsAllowed> flag
> set to true (the default), then anybody can download regardless.
> (3) Admins - currently unimplemented (will be used to allow management
> of users within a group in the next version).
>
> USERS
> A defined user can either be a simple user or an admin which is
> similar to a root user (has all 3 roles for any group).
>
> We will add this to the docs.
>
> HTH,
>
> Yoav
>
> On 3/13/07, Reinhard Nägele <[hidden email]> wrote:
> >
> >
> > I am still evaluating Artifactory and do like it, but I can't really figure
> > out how security works. I set up several users and groups and assigned
> > different permissions. Whatever I tried, any user I had set up only had
> > browse and search functionality in the GUI. I would like to set up different
> > users according to the available permissions (admins, deployers, viewers).
> > How would I do that? We definitely need better documentation, especially in
> > this area.
> >
> > Thanks,
> > Reinhard
> >
> > -------------------------------------------------------------------------
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share your
> > opinions on IT & business topics through brief surveys-and earn cash
> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > _______________________________________________
> > Artifactory-users mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/artifactory-users
> >
> >
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Need help on user/group setup

Reinhard Nägele
In reply to this post by Reinhard Nägele
Thanks, I get that now. What if I don't need a restriction to groupIds? I want to globally allow users to be deployers. And how does this relate to the GUI? I want to also either enable or disable the deploy functionality to a user in the GUI. The same goes for import/export.

Reinhard

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Yoav Landman
Sent: Dienstag, 13. März 2007 11:42
To: [hidden email]
Subject: Re: [Artifactory-users] Need help on user/group setup

Just to make this clearer by example, if you need to deploy an artifact with a groupId of "org.apache.maven" you will need to create a group with any of the following names (prefixes):
org, org.apache or org.apache.maven
and assign a user as a deployer to this group.

For authenticating via Maven, this user will have to add the following to his settings.xml:
<servers>
 <server>
   <id>repository-name-used-in-the-pom-to-refer-to-artifactory</id>
   <username>myUsername</username>
   <password>myPassword</password>
 </server>
</servers>

On 3/13/07, Yoav Landman <[hidden email]> wrote:

> Security works the following way:
>
> GROUPS
> You can create groups, each group uses a groupId prefix as its name.
> This prefix translates to a path prefix for artifacts in the
> repositories, and is used to determine the effective permissions when
> referring to a repository path.
> For each group you can assign users to 3 types of roles:
> (1) Deployers - can deploy/remove (undeploy) artifacts.
> (2) Viewers - can download artifacts (simple browsing is still enabled
> for anyone), unless a repository has the <anonDownloadsAllowed> flag
> set to true (the default), then anybody can download regardless.
> (3) Admins - currently unimplemented (will be used to allow management
> of users within a group in the next version).
>
> USERS
> A defined user can either be a simple user or an admin which is
> similar to a root user (has all 3 roles for any group).
>
> We will add this to the docs.
>
> HTH,
>
> Yoav
>
> On 3/13/07, Reinhard Nägele <[hidden email]> wrote:
> >
> >
> > I am still evaluating Artifactory and do like it, but I can't really
> > figure out how security works. I set up several users and groups and
> > assigned different permissions. Whatever I tried, any user I had set
> > up only had browse and search functionality in the GUI. I would like
> > to set up different users according to the available permissions (admins, deployers, viewers).
> > How would I do that? We definitely need better documentation,
> > especially in this area.
> >
> > Thanks,
> > Reinhard
> >
> > --------------------------------------------------------------------
> > ----- Take Surveys. Earn Cash. Influence the Future of IT Join
> > SourceForge.net's Techsay panel and you'll get the chance to share
> > your opinions on IT & business topics through brief surveys-and earn
> > cash
> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=D
> > EVDEV _______________________________________________
> > Artifactory-users mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/artifactory-users
> >
> >
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Artifactory-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/artifactory-users


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Need help on user/group setup

Yoav Landman
Administrator
The same deployment policies applies in the UI (you cannot deploy to a group your are not a deployer of).
Import/export is an admin feature and can only be used by admins.
We will add repository-based roles in the upcoming release (this seems to be a popular request), but for now to allow users to deploy globally they have to be admins.

On 3/13/07, Reinhard Nägele <[hidden email]> wrote:
Thanks, I get that now. What if I don't need a restriction to groupIds? I want to globally allow users to be deployers. And how does this relate to the GUI? I want to also either enable or disable the deploy functionality to a user in the GUI. The same goes for import/export.

Reinhard

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Yoav Landman
Sent: Dienstag, 13. März 2007 11:42
To: [hidden email]
Subject: Re: [Artifactory-users] Need help on user/group setup

Just to make this clearer by example, if you need to deploy an artifact with a groupId of "org.apache.maven" you will need to create a group with any of the following names (prefixes):
org, org.apache or org.apache.maven
and assign a user as a deployer to this group.

For authenticating via Maven, this user will have to add the following to his settings.xml:
<servers>
<server>
   <id>repository-name-used-in-the-pom-to-refer-to-artifactory</id>
   <username>myUsername</username>
   <password>myPassword</password>
</server>
</servers>

On 3/13/07, Yoav Landman <[hidden email]> wrote:

> Security works the following way:
>
> GROUPS
> You can create groups, each group uses a groupId prefix as its name.
> This prefix translates to a path prefix for artifacts in the
> repositories, and is used to determine the effective permissions when
> referring to a repository path.
> For each group you can assign users to 3 types of roles:
> (1) Deployers - can deploy/remove (undeploy) artifacts.
> (2) Viewers - can download artifacts (simple browsing is still enabled
> for anyone), unless a repository has the <anonDownloadsAllowed> flag
> set to true (the default), then anybody can download regardless.
> (3) Admins - currently unimplemented (will be used to allow management
> of users within a group in the next version).
>
> USERS
> A defined user can either be a simple user or an admin which is
> similar to a root user (has all 3 roles for any group).
>
> We will add this to the docs.
>
> HTH,
>
> Yoav
>
> On 3/13/07, Reinhard Nägele <[hidden email]> wrote:
> >
> >
> > I am still evaluating Artifactory and do like it, but I can't really
> > figure out how security works. I set up several users and groups and
> > assigned different permissions. Whatever I tried, any user I had set
> > up only had browse and search functionality in the GUI. I would like
> > to set up different users according to the available permissions (admins, deployers, viewers).
> > How would I do that? We definitely need better documentation,
> > especially in this area.
> >
> > Thanks,
> > Reinhard
> >
> > --------------------------------------------------------------------
> > ----- Take Surveys. Earn Cash. Influence the Future of IT Join
> > SourceForge.net's Techsay panel and you'll get the chance to share
> > your opinions on IT & business topics through brief surveys-and earn
> > cash
> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=D
> > EVDEV _______________________________________________
> > Artifactory-users mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/artifactory-users
> >
> >
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Artifactory-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/artifactory-users

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Artifactory-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/artifactory-users

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Need help on user/group setup

Reinhard Nägele
In reply to this post by Reinhard Nägele
I still cannot figure out how to enable the deploy functionality in the UI for users other than the admin. I created a group "com", a user "foo", and gave that user viewer and deployer permissions. When I log in as this user, the deploy functionality is still disabled. Shouldn't a user that has deployer permissions always have the deploy functionality enabled and only get an error if they deploy anything with a non-matching groupId?

And thanks for your responsiveness. Do you have a timeframe for repo-base roles? This feature will be highly appreciated.

Regards,
Reinhard

________________________________

From: [hidden email] [mailto:[hidden email]] On Behalf Of Yoav Landman
Sent: Dienstag, 13. März 2007 21:30
To: [hidden email]
Subject: Re: [Artifactory-users] Need help on user/group setup


The same deployment policies applies in the UI (you cannot deploy to a group your are not a deployer of).
Import/export is an admin feature and can only be used by admins.
We will add repository-based roles in the upcoming release (this seems to be a popular request), but for now to allow users to deploy globally they have to be admins.


On 3/13/07, Reinhard Nägele <[hidden email]> wrote:

        Thanks, I get that now. What if I don't need a restriction to groupIds? I want to globally allow users to be deployers. And how does this relate to the GUI? I want to also either enable or disable the deploy functionality to a user in the GUI. The same goes for import/export.
       
        Reinhard
       
        -----Original Message-----
        From: [hidden email] [mailto: [hidden email] <mailto:[hidden email]> ] On Behalf Of Yoav Landman
        Sent: Dienstag, 13. März 2007 11:42
        To: [hidden email] <mailto:[hidden email]>
        Subject: Re: [Artifactory-users] Need help on user/group setup
       
        Just to make this clearer by example, if you need to deploy an artifact with a groupId of "org.apache.maven" you will need to create a group with any of the following names (prefixes):
        org, org.apache or org.apache.maven
        and assign a user as a deployer to this group.
       
        For authenticating via Maven, this user will have to add the following to his settings.xml:
        <servers>
        <server>
           <id>repository-name-used-in-the-pom-to-refer-to-artifactory</id>
           <username>myUsername</username>
           <password>myPassword</password>
        </server>
        </servers>
       
        On 3/13/07, Yoav Landman <[hidden email]> wrote:
        > Security works the following way:
        >
        > GROUPS
        > You can create groups, each group uses a groupId prefix as its name.
        > This prefix translates to a path prefix for artifacts in the
        > repositories, and is used to determine the effective permissions when
        > referring to a repository path.
        > For each group you can assign users to 3 types of roles:
        > (1) Deployers - can deploy/remove (undeploy) artifacts.
        > (2) Viewers - can download artifacts (simple browsing is still enabled
        > for anyone), unless a repository has the <anonDownloadsAllowed> flag
        > set to true (the default), then anybody can download regardless.
        > (3) Admins - currently unimplemented (will be used to allow management
        > of users within a group in the next version).
        >
        > USERS
        > A defined user can either be a simple user or an admin which is
        > similar to a root user (has all 3 roles for any group).
        >
        > We will add this to the docs.
        >
        > HTH,
        >
        > Yoav
        >
        > On 3/13/07, Reinhard Nägele <[hidden email]> wrote:
        > >
        > >
        > > I am still evaluating Artifactory and do like it, but I can't really
        > > figure out how security works. I set up several users and groups and
        > > assigned different permissions. Whatever I tried, any user I had set
        > > up only had browse and search functionality in the GUI. I would like
        > > to set up different users according to the available permissions (admins, deployers, viewers).
        > > How would I do that? We definitely need better documentation,
        > > especially in this area.
        > >
        > > Thanks,
        > > Reinhard
        > >
        > > --------------------------------------------------------------------
        > > ----- Take Surveys. Earn Cash. Influence the Future of IT Join
        > > SourceForge.net's Techsay panel and you'll get the chance to share
        > > your opinions on IT & business topics through brief surveys-and earn
        > > cash
        > > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=D
        > > EVDEV _______________________________________________
        > > Artifactory-users mailing list
        > > [hidden email]
        > > https://lists.sourceforge.net/lists/listinfo/artifactory-users
        > >
        > >
        >
        -------------------------------------------------------------------------
        Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
        _______________________________________________
        Artifactory-users mailing list
        [hidden email]
        https://lists.sourceforge.net/lists/listinfo/artifactory-users <https://lists.sourceforge.net/lists/listinfo/artifactory-users>
       
        -------------------------------------------------------------------------
        Take Surveys. Earn Cash. Influence the Future of IT
        Join SourceForge.net's Techsay panel and you'll get the chance to share your
        opinions on IT & business topics through brief surveys-and earn cash
        http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV <http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV>
        _______________________________________________
        Artifactory-users mailing list
        [hidden email]
        https://lists.sourceforge.net/lists/listinfo/artifactory-users
       




Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Need help on user/group setup

Yoav Landman
Administrator

You are right. The deploy page wrongly requires global admin role. Thanks.
(https://www.jfrog.org/jira/browse/RTFACT-66)
We plan to release 1.2.1 with repo-based security in a couple of weeks,
probably around mid-April.


Reinhard Nägele wrote:

>
> I still cannot figure out how to enable the deploy functionality in the UI
> for users other than the admin. I created a group "com", a user "foo", and
> gave that user viewer and deployer permissions. When I log in as this
> user, the deploy functionality is still disabled. Shouldn't a user that
> has deployer permissions always have the deploy functionality enabled and
> only get an error if they deploy anything with a non-matching groupId?
>
> And thanks for your responsiveness. Do you have a timeframe for repo-base
> roles? This feature will be highly appreciated.
>
> Regards,
> Reinhard
>
> ________________________________
>
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Yoav
> Landman
> Sent: Dienstag, 13. März 2007 21:30
> To: [hidden email]
> Subject: Re: [Artifactory-users] Need help on user/group setup
>
>
> The same deployment policies applies in the UI (you cannot deploy to a
> group your are not a deployer of).
> Import/export is an admin feature and can only be used by admins.
> We will add repository-based roles in the upcoming release (this seems to
> be a popular request), but for now to allow users to deploy globally they
> have to be admins.
>
>
> On 3/13/07, Reinhard Nägele <[hidden email]> wrote:
>
> Thanks, I get that now. What if I don't need a restriction to groupIds? I
> want to globally allow users to be deployers. And how does this relate to
> the GUI? I want to also either enable or disable the deploy functionality
> to a user in the GUI. The same goes for import/export.
>
> Reinhard
>
> -----Original Message-----
> From: [hidden email] [mailto:
> [hidden email]
> <mailto:[hidden email]> ] On Behalf Of
> Yoav Landman
> Sent: Dienstag, 13. März 2007 11:42
> To: [hidden email]
> <mailto:[hidden email]>
> Subject: Re: [Artifactory-users] Need help on user/group setup
>
> Just to make this clearer by example, if you need to deploy an artifact
> with a groupId of "org.apache.maven" you will need to create a group with
> any of the following names (prefixes):
> org, org.apache or org.apache.maven
> and assign a user as a deployer to this group.
>
> For authenticating via Maven, this user will have to add the following to
> his settings.xml:
> <servers>
> <server>
>   <id>repository-name-used-in-the-pom-to-refer-to-artifactory</id>
>   <username>myUsername</username>
>   <password>myPassword</password>
> </server>
> </servers>
>
> On 3/13/07, Yoav Landman <[hidden email]> wrote:
> > Security works the following way:
> >
> > GROUPS
> > You can create groups, each group uses a groupId prefix as its name.
> > This prefix translates to a path prefix for artifacts in the
> > repositories, and is used to determine the effective permissions when
> > referring to a repository path.
> > For each group you can assign users to 3 types of roles:
> > (1) Deployers - can deploy/remove (undeploy) artifacts.
> > (2) Viewers - can download artifacts (simple browsing is still enabled
> > for anyone), unless a repository has the <anonDownloadsAllowed> flag
> > set to true (the default), then anybody can download regardless.
> > (3) Admins - currently unimplemented (will be used to allow management
> > of users within a group in the next version).
> >
> > USERS
> > A defined user can either be a simple user or an admin which is
> > similar to a root user (has all 3 roles for any group).
> >
> > We will add this to the docs.
> >
> > HTH,
> >
> > Yoav
> >
> > On 3/13/07, Reinhard Nägele <[hidden email]> wrote:
> > >
> > >
> > > I am still evaluating Artifactory and do like it, but I can't really
> > > figure out how security works. I set up several users and groups and
> > > assigned different permissions. Whatever I tried, any user I had set
> > > up only had browse and search functionality in the GUI. I would like
> > > to set up different users according to the available permissions
> (admins, deployers, viewers).
> > > How would I do that? We definitely need better documentation,
> > > especially in this area.
> > >
> > > Thanks,
> > > Reinhard
> > >
> > > --------------------------------------------------------------------
> > > ----- Take Surveys. Earn Cash. Influence the Future of IT Join
> > > SourceForge.net's Techsay panel and you'll get the chance to share
> > > your opinions on IT & business topics through brief surveys-and earn
> > > cash
> > > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=D
> > > EVDEV _______________________________________________
> > > Artifactory-users mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/artifactory-users
> > >
> > >
> >
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT Join
> SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Artifactory-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
> <https://lists.sourceforge.net/lists/listinfo/artifactory-users>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> <http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV>
> _______________________________________________
> Artifactory-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Artifactory-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
>

--
View this message in context: http://www.nabble.com/Need-help-on-user-group-setup-tf3394474.html#a9481520
Sent from the Artifactory-Users mailing list archive at Nabble.com.



Loading...