Video Transcription

How permissions are managed on virtual repositories in Artifactory? [Video]
AuthorFullName__c
Itamar Berman-Eshel, Patrick Russell
articleNumber
000004908
FirstPublishedDate
2020-11-18T10:56:11Z
lastModifiedDate
2025-05-15
Hello everyone, my name is Patrick, and today I want to go over virtual repository permissions and how they work in the JFrog platform.

In order to describe how virtual repository permissions work, we first need to define what a virtual repository is. Virtual repositories aggregate together (which can also be described as merging together) local repository content and remote repository content.

Importantly, in the JFrog platform, virtual repositories don't host their own content. They will only show you files found in locals or remotes. Because of this key factor, permissions are inherited from the locals and remotes that the virtual aggregates.

This diagram explains how this works:
Let's say User A has been given specific access to Repository A. Repository A has then been added to Repository C, the virtual repository. When User A attempts to read files from the virtual repository, they are only able to see and download Repository A's content.

The same applies to User B, who can only see files from Repository B. This isolation allows you to grant access to the same virtual repository while limiting the ability of users to download content.

Here's what this looks like from the UI:
I'm currently logged in as an admin, and so I can view both Repository A and Repository B's content. I just have some generic files in here to demonstrate the functionality. If I head over to the "Effective Permissions" page, you can see that User A has access to Repository A, and the same applies to User B.

This is reflected in the virtual repository. If I log out of the admin view and log back in as User A, I am now only able to see the content in Repository A. The same applies to User B.

Let's say, hypothetically, User A has learned of the existence of File B and they're trying to download it through the virtual repository. If they are on a Linux server like this and type in a curl command, they will get a forbidden message stating that the file is not available to them. User B does not have this problem.

This concludes our quick video on how virtual repository permissions work. Thank you for watching, and don't forget to like, favorite, and subscribe. Goodbye