Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-11991

Security API incomplete - User deletion required

    Details

      Description

      The nexus-security-3.1.0-04-javadoc documents REST API features available to administer user accounts:
      nexus-security-3.1.0-04-javadoc/org/sonatype/nexus/security/SecurityApi.html

      There is a function to create users:
      addUser(String id, String firstName, String lastName, String email, boolean active, String password, List<String> roleIds)

      However, there is no function to delete user accounts. This is required.

      Alternately, an update function which allowed for modification of existing accounts would be sufficient.

      Use cases for this would be updating a user's password, or locking/unlocking an account WITHOUT the use of the GUI.

      A delete function would allow the user to be removed from the system, the recreated with a new password/permissions. This would suffice, for the meantime.

      Being unable to programatically remove uses from the system poses a potential security risk. As does being unable to rotate user passwords.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              steve.herd@capitalone.com Steve Herd
              Last Updated By:
              Michael Prescott Michael Prescott
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title