The JFrog Platform provides a flexible permissions model that gives administrators fine-grained control over how users and groups access the different resources in the platform such as repositories, builds, Release Bundles, Edge node destinations, and Pipeline Sources.
Permissions are managed from a central location, where you can control how users or groups can view and perform actions.
By defining Permission Targets, you can set the physical resources, for example, repositories, and select users or groups with a corresponding set of permissions defining how they can access the specified repositories.
A classic example would be if you have two engineering teams using several repositories. You can create a group of users for each team. You can then create a Permission Target with a set of those repositories, in which you can grant access to the relevant resources with the appropriate permissions for each group.
You can use the JFrog Platform UI to manage permissions or use the JFrog REST API to manage permissions.
The following topics provide detailed information about permissions in the JFrog Platform.
The next generation of permission model (Permissions V2) is now available in the JFrog Platform for self-hosted (from Artifactory 7.77.2) and is being rolled out to JFrog Cloud users. The new model is fully backward compatible with the legacy permissions (Permissions V1) model. The new model simplifies the UI user flows to configure all resource types. The popups to add resource type (like builds and repositories) have a new look and feel.
For the legacy permissions model (Permissions V1), see Legacy Permissions.
You can identify between the two permissions models by the look and feel.
The following image shows the new Permissions UI.
The following image shows legacy Permissions UI.
In permissions V1, a user with the manage permission was able to grant manage permissions to other users along with other permissions. This behaviour was a security hole and has been fixed with permissions V2. A user with manage permissions can grant all permissions except the manage permission.