Allow Anonymous Access

JFrog Platform Administration Documentation

Content Type
Administration / Platform
ft:sourceType
Paligo

JFrog Platform’s permission-based system allows you to control users' access to different features and artifacts. To provide access to users who are not logged in, JFrog also provides the option of enabling "Anonymous Access".

Warning

Important Information on Anonymous Users

For security reasons, JFrog does not recommend allowing anonymous access. When you allow non-logged-in users access to your system, you could, potentially, be giving unauthorized access to users to any existing local, remote or virtual repositories, and, to future repositories.

In addition, enabling anonymous access may expose any sensitive data that may be saved in these repositories to non-logged-in users.

The best practice for using anonymous access is to create a new permission target, select the repositories to which the anonymous user will have access, and set the read action only to these selected repositories.

Anonymous access may be enabled or disabled (default) using the Allow Anonymous Access setting under User Management | Settings in the Administration module. You can modify the set of permissions assigned to the "Anonymous User" just like you would for any other user, and this requires that Allow Anonymous Access be enabled. Note that from JFrog Artifactory release 6.12, anonymous access is disabled by default.

JFrog has hardened anonymous access at the project level for security reasons outlined above. Project administrators can add users and groups to a project. From Artifactory version 7.66 JFrog disabled the ability to add the anonymous user to a new project since it is not recommended to enable such access. If you still wish to enable anonymous access for projects, you can modify the Access YAML access.config.latest.yml file and change the security: allow-anonymous-in-projects setting to true. For more information, see Access YAML configuration files, see changing Access YAML configuration, and see supported access configurations.Access YAML Configuration FilesAccess YAML ConfigurationSupported Access Configurations