Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-18917

Make it possible to use a repository partitioning strategy to restrict tagging

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.15.1
    • Fix Version/s: None
    • Component/s: Security, Staging, Tags
    • Labels:
    • Notability:
      4

      Description

      Currently the tagging implementation in Nexus Repo 3 is largely incompatible with partitioning of repositories by permissions.  The reason for this is that tagging requires just two privileges:

      • nx-tags-associate
      • nx-repository-view-?-?-browse

      It's not that common to restrict what a developer can view, but it is quite common to restrict what they can read and write.  So for most users of tagging there is currently no way to limit which components a user is allowed to tag.  Restrictions are important when you consider that tags are often used in staging.  Tags which are on the wrong components can cause the wrong components to be moved during a staging operation.

      There needs to be a way to restrict what a user can tag in a Nexus repository that is not based on browse privileges.  One possibility would be to require write privileges on a component before tagging will work.

      Also note that there is currently a bug which makes it so that even for users that are willing to restrict browse privileges partitioning still won't work: NEXUS-18898

       

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Rich Seddon
              Votes:
              4 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title