Details
- Type: Improvement
- Status: Open
- Priority: Medium
- Resolution: Unresolved
- Affects Version/s: 3.0.0
- Fix Version/s: None
- Component/s: Security, User Token
- Labels: None
Description
Scenario:
For our CI environment we'd like to have dedicated credentials per team to allow for uploading built artifacts to Nexus. This is to ensure that each team only deploys what they should be allowed to (for example their groupId).
All user accounts are in an external Nexus realm (like LDAP). The idea would be to have the CI accounts in a different realm, but possibly there could also be scenarios where those accounts exist in the same realm as the user accounts.
In any case, these CI system accounts should never be used to log into the Nexus UI. Currently (v3.18.1) any user account created which has upload privs is also allowed to log into the UI. It's also then possible to change the name etc. of that account; we don't want to allow that. (Or am I configuring something wrong?)
Another thing that we'd like to be able to do is to get a user token for the CI system account. But one shouldn't have to log in as that user (as we don't want that), but be able to retrieve the token as an admin. The user token would for example be required if "Require user token for repository authentication" is enabled.
Another detail would be that a CI system account doesn't have a first and last name, but just a name (one field). Not a big issue, but still.
Issue Links
- is related to: NEXUS-12653 Retrieve current user's user token via REST (Open)
- relates: NEXUS-25154 Retrieve NuGet API Key via REST (Open)