This article explains the purpose of the Platform Auditor Role and provides the necessary steps to enable and assign it within the JFrog Platform (Artifactory).
The Platform Auditor Role: Purpose and Scope
The Platform Auditor Role is a centralized, read-only role intended for security and compliance personnel. It gives a single view of system activity and configuration across Artifactory, Xray, Access, and the other integrated services, without granting the holder any ability to change them.
A Platform Auditor can browse the entire JFrog Platform WebUI but cannot perform any action that creates, modifies, or deletes a resource. The role is meant for auditing and compliance monitoring.
Enabling the Feature Flag (Configuration):
This feature is disabled by default and requires modification of the central system.yaml configuration file. This functionality is available from Artifactory version 7.125.3 onward.
- Locate system.yaml: Find the file, typically located at $JFROG_HOME/artifactory/var/etc/system.yaml.
- Add the Configuration Block: Add the following block to your system.yaml file:
frontend:
  featureToggler:
    accessPlatformAuditor: true
- Restart Artifactory: Perform a restart of the Artifactory service for the new feature flag to take effect.
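The three steps above, scripted as an added example (this is not JFrog tooling): the function backs up system.yaml, appends the featureToggler block only if it is not already there, and refuses to append when a top-level frontend: key already exists, since a second top-level key is either a duplicate-key YAML error or silently shadows the first and must be merged by hand. The default path and the restart command are assumptions for a Linux service install; adjust them for your deployment.

```shell
#!/bin/sh
# Added example, not JFrog's own code. Assumptions: system.yaml lives under
# $JFROG_HOME/artifactory/var/etc/ and the service is managed by systemd.
set -eu

SYSTEM_YAML="${SYSTEM_YAML:-${JFROG_HOME:-/opt/jfrog}/artifactory/var/etc/system.yaml}"

# Returns 0 when the toggle is already set to true in the given file.
auditor_enabled() {
  grep -Eq '^[[:space:]]*accessPlatformAuditor:[[:space:]]*true[[:space:]]*$' "$1"
}

# Idempotently adds the frontend.featureToggler.accessPlatformAuditor block.
# Return codes: 0 enabled (or already enabled), 2 file missing,
# 3 a top-level "frontend:" key already exists and needs a manual merge.
enable_platform_auditor() {
  f="$1"
  [ -f "$f" ] || { echo "missing $f" >&2; return 2; }
  if auditor_enabled "$f"; then
    echo "already enabled in $f"
    return 0
  fi
  if grep -Eq '^frontend:' "$f"; then
    echo "frontend: already present in $f; add featureToggler.accessPlatformAuditor: true under it by hand" >&2
    return 3
  fi
  # Keep a timestamped copy so the change can be reverted.
  cp -p "$f" "$f.bak.$(date +%Y%m%d%H%M%S)"
  # Leading newline guards against a file that does not end with one.
  printf '\nfrontend:\n  featureToggler:\n    accessPlatformAuditor: true\n' >> "$f"
  auditor_enabled "$f"
}

# Only touch the real file and restart when explicitly asked.
if [ "${1:-}" = "--apply" ]; then
  enable_platform_auditor "$SYSTEM_YAML"
  systemctl restart artifactory   # assumed service name for a systemd install
fi
```

Run it as `sh enable-auditor.sh --apply` on the node (after reviewing the backup path it prints); a return code of 3 means the file already has a frontend: section and the toggle should be added under it with an editor rather than appended.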
Assigning the Platform Auditor Role:
Once the feature flag is enabled, the new role becomes available in the User Management section.
- Navigate to User Management: In the JFrog Platform UI, go to Administration → User Management → Users.
- Create/Edit User: Create a new user or edit an existing one.
- Assign the Role: When assigning roles, you will now see the "Platform Auditor" option available. (Refer to the screenshot showing the new role added to the selection list.)
Constraint: Role Exclusivity (Important)
Please note the following critical constraint designed for security auditing:
- The Platform Auditor Role cannot be combined with any other role (e.g., Admin, User, Reader).
- When "Platform Auditor" is selected, all other standard roles are automatically greyed out and unavailable for selection, ensuring the user maintains a strict read-only context.
- Conversely, if any other standard role is selected first, the Platform Auditor Role becomes unavailable.
This ensures that any user with this role is strictly limited to viewing information for compliance purposes.
For more information on the Platform Auditor Role and system configuration, refer to the documentation below:
- The Platform Auditor
- System configuration for Artifactory