Dev - Nexus Repo: NEXUS-11238

Repository View - Browse permission grants too much access

      Description

      The current security model works as follows:

      Content retrieval:

      • If user has 'Repository View - read' permission, can read any content in the repo
      • If user has 'Content Selector - read' permission, can read any matching content in the repo

      Content Browsing:

      • If user has 'Repository View - browse' permission, can browse any content in the repo
      • If user has 'Content Selector - browse' permission, can browse any matching content in the repo

      In theory this looks fine, but in practice, since you need any single 'Repository View' permission to see the browse component of the UI, as soon as you add that, you auto grant full browse access to the repository (i.e. completely override any content selector perms applied to that repo).

              People

              Assignee:
              jstephens Joseph Stephens
              Reporter:
              dbradicich Damian Bradicich
              Last Updated By:
              Peter Lynch
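The browse rules described in the issue, written out as a small model with an audit check that flags selector grants made ineffective by a Repository View browse permission. This is an added example, not Nexus code or part of the original report; the `Privilege` structure, the function names, the repository name and the treatment of a content selector as a plain path prefix are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified model of the rules in the description above; not Nexus code.
# Assumption: a content selector is reduced to a plain path prefix.

@dataclass(frozen=True)
class Privilege:
    kind: str                           # "repository-view" or "content-selector"
    repo: str
    action: str                         # "read" or "browse"
    path_prefix: Optional[str] = None   # only set for content-selector

def can_see_browse_ui(privs, repo):
    """The browse UI needs any single Repository View permission on the repo."""
    return any(p.kind == "repository-view" and p.repo == repo for p in privs)

def can_browse(privs, repo, path):
    """Repository View browse covers everything; a selector covers only matches."""
    for p in privs:
        if p.repo != repo or p.action != "browse":
            continue
        if p.kind == "repository-view":
            return True
        if (p.kind == "content-selector" and p.path_prefix is not None
                and path.startswith(p.path_prefix)):
            return True
    return False

def overridden_selectors(privs):
    """Audit check: selector browse grants made moot by a Repository View browse."""
    full = {p.repo for p in privs
            if p.kind == "repository-view" and p.action == "browse"}
    return [p for p in privs
            if p.kind == "content-selector" and p.action == "browse" and p.repo in full]

# Constructed sample data: the intended scope is /com/acme/ in repo "releases".
SELECTOR = Privilege("content-selector", "releases", "browse", "/com/acme/")
INTENDED = [SELECTOR]
# Repository View browse added so that the browse UI becomes visible.
WITH_UI = INTENDED + [Privilege("repository-view", "releases", "browse")]

if __name__ == "__main__":
    for name, privs in (("selector only", INTENDED), ("plus repo view", WITH_UI)):
        print(name,
              "| ui:", can_see_browse_ui(privs, "releases"),
              "| /org/other:", can_browse(privs, "releases", "/org/other/lib.jar"),
              "| overridden:", len(overridden_selectors(privs)))
```

Running `overridden_selectors` over each role's privilege set is a quick way to find roles whose selector restrictions no longer limit browsing.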