Allow Anonymous Access

JFrog Platform Administration Documentation
Content Type
Administration / Platform
ft:sourceType
Paligo

JFrog Platform’s permission-based system allows you to control users' access to different features and artifacts. To provide access to users who are not logged in, JFrog also provides the option of enabling Anonymous Access.

You enable or disable Anonymous with the Allow Anonymous Access setting under Security > General in the Administration module. If you use the classic navigation (SH version 7.90 or previous), go to User Management > Settings. You can modify the set of permissions assigned to the "Anonymous User" just like you would for any other user, which requires you to enable Allow Anonymous Access.

Warning

Important Information on Anonymous Users

For security reasons, JFrog does not recommend allowing anonymous access. When you allow non-logged-in users access to your system, you could, potentially, be giving unauthorized access to users to any existing local, remote or virtual repositories, and, to future repositories.

In addition, enabling anonymous access may expose any sensitive data that may be saved in these repositories to non-logged-in users.

The best practice for using anonymous access is to create a new permission target, select the repositories to which the anonymous user will have access, and set the read action only to these selected repositories.

JFrog has hardened anonymous access at the project level for security reasons.

Project administrators can add users and groups to a project. From Artifactory 7.66, JFrog disabled the ability to add the anonymous user to a new project since it is not recommended to enable such access. If you still wish to enable anonymous access for projects, you can modify the Access YAML access.config.latest.yml file and change the security: allow-anonymous-in-projects setting to true. For more information, see Access YAML configuration files, see changing Access YAML configuration, and see supported access configurations.Access YAML Configuration FilesAccess YAML ConfigurationSupported Access Configurations

Note

Starting from Artifactory 7.84.3, the anonymous user is removed from the Anything and Any Remote permissions by default. To grant permissions to anonymous users, the best practice is to create a new permission target containing the anonymous user, and to assign it with read-only access to the relevant repositories.