What is the minimal set of privileges required to deploy artifacts to Nexus 3?

Question

I'm using Nexus Repository Manager 3.1.0-04, and I want to create a user to just have deployment permissions. What are the minimal set of privileges required for that?

Right now I created a role nx-deploy with the following privileges:

• nx-repository-admin---read
• nx-repository-admin---browse
• nx-repository-admin---delete
• nx-repository-admin---edit
• nx-repository-admin---add

Then I created a user deployment with the role nx-deploy. I can deploy artifacts now, however, I believe I am giving too much privileges? The admin part is not what I want the deployment user to be, so that part has me a bit nervous.

Needless to say, there are just too many privileges to choose from under the security section.

Answer 1

The general rule is nx-repository-admin privileges are for administering the repositories and their details; nx-repository-view privileges are for use of the repositories once set up. Assign the latter.

To tweak repository privileges of your Deployment user(s) you should use the nx-repository-view-*-*-* as the assigned privilege, instead of nx-repository-admin. So, remove all the privileges you addressed in your question, and replace the ‘Given’ field with nx-repository-view-*-*-*. Since the privilege is denoted with asterisks, your Deployment users can perform all the above actions (i.e. browse, read, edit, add, and delete).

See the screenshot for reference:

Configuring the nx-deploy Privilege for the Deployment Role

You can read more about Privileges in the Security chapter: https://help.sonatype.com/repomanager3/security/privileges