ARTIFACTORY: Permissions to use user plugins (“You are not permitted to execute <plugin name>” error)

ARTIFACTORY: Permissions to use user plugins (“You are not permitted to execute <plugin name>” error)

AuthorFullName__c
Ahmad Zeidan
articleNumber
000005524
ft:sourceType
Salesforce
FirstPublishedDate
2022-12-22T15:57:44Z
lastModifiedDate
2022-12-22
VersionNumber
2

Permissions to run User Plugins in Artifactory are granted only for admin users by default. Other non-admin users are not permitted to run User Plugins by default. 

In case you wish to grant these permissions to non-admin users or groups, you may follow these steps: 

Some User-plugins have the users declared in the plugin script itself, for example:

deleteEmptyDirs Plugin:
 

deleteEmptyDirsPlugin(version: '1.1', description: 'Deletes empty directories', users: ['admin'].toSet()) { params ->

deleteDeprecated Plugin:
deleteDeprecatedPlugin(version: '1.0', description: 'Deletes artifacts marked with \'analysis.deprecated=true\' property', users: ['admin'].toSet())

You can simply add the name of the user you want to use next to the admin user (['admin','example-user']) Once the change is done, you will have to reload the plugin.

To reload the plugins:
curl -v -i -u admin:password -X POST http://<IP>:8082/artifactory/api/plugins/reload

In some cases you may encounter the below error when a non privileged user is trying to run a user plugin:
{
  "errors" : [ {
    "status" : 403,
    "message" : "You are not permitted to execute 'deleteEmptyDirsPlugin'."
  } ]

In that case, you may want to grant the non-admin user permissions to run that user plugin or use the admin user permissions to run the plugin.

When using the artifactCleanup plugin, there is an additional step, which includes a group named ‘cleaners’, which the non-admin user must be a member of in case you want it to be able to execute this plugin.