JFrog Platform’s permission-based system allows you to control users' access to different features and artifacts. To provide access to users who are not logged in, JFrog also provides the option of enabling Anonymous Access.
You enable or disable Anonymous with the Allow Anonymous Access setting under Management | Settings in the Administration module. You can modify the set of permissions assigned to the "Anonymous User" just like you would for any other user, which requires you to enable Allow Anonymous Access.
Warning
Important Information on Anonymous Users
For security reasons, JFrog does not recommend allowing anonymous access. When you allow non-logged-in users access to your system, you could, potentially, be giving unauthorized access to users to any existing local, remote or virtual repositories, and, to future repositories.
In addition, enabling anonymous access may expose any sensitive data that may be saved in these repositories to non-logged-in users.
The best practice for using anonymous access is to create a new permission target, select the repositories to which the anonymous user will have access, and set the read action only to these selected repositories.
JFrog has hardened anonymous access at the project level for security reasons.
Project administrators can add users and groups to a project. From Artifactory 7.66, JFrog disabled the ability to add the anonymous user to a new project since it is not recommended to enable such access. If you still wish to enable anonymous access for projects, you can modify the Access YAML access.config.latest.yml file and change the security: allow-anonymous-in-projects setting to true. For more information, see Access YAML configuration files, see changing Access YAML configuration, and see supported access configurations.
Note
From Artifactory 7.84.3, new users with anonymous access cannot access any ad hoc repository. You need to create a new permission target, select the repository's anonymous user, and set actions, and only then they can access the repositories.
The existing anonymous users are not affected by this change.