Security Configuration JSON

JFrog REST APIs


Legend

| Element | Description |
|---|---|
| + | Mandatory element in create/replace queries; optional in "update" queries. |
| - | Optional element in create/replace queries. |
| ! | Read-only element. |
| (default) | The default value when left unspecified in create/replace queries. |

application/vnd.org.jfrog.artifactory.security.User+json

{
  - "name": "davids",
  + "email" : "davids@jfrog.com",
  + "password": "***" (write-only, never returned),
  - "admin": false (default),
  - "profileUpdatable": true (default),
  - "disableUIAccess" : false (default),
  - "internalPasswordDisabled": false (default),
  ! "lastLoggedIn": ISO8601 (yyyy-MM-dd'T'HH:mm:ss.SSSZ),
  ! "lastLoggedInMillis": 1735682400000,
  ! "realm": "Realm name (e.g. internal, saml, oauth, ldap, crowd, scim)",
  ! "groups" : [ "deployers", "users" ],
  - "watchManager": false (default),
  - "policyManager": false (default),
  - "policyViewer": false (default),
  - "reportsManager": false (default),
  ! "mfaStatus": "NONE" | "ENROLL" | "VERIFY",
  ! "status": "INVITED" | "ENABLED" | "DISABLED" | "LOCKED"
}

| Property | Required | Description |
|---|---|---|
| name | optional | The user name. |
| email | mandatory | The user's email address. |
| password | mandatory | The user's password. |
| admin | optional | Defines whether the user is an administrator. The default value is false. |
| profileUpdatable | optional | Defines whether the user has permission to change their profile details (except their password, which can be changed only by an administrator). The default value is true. |
| disableUIAccess | optional | Defines whether the platform UI is disabled for this user. The default value is false (meaning the user has access to the platform UI). |
| internalPasswordDisabled | optional | When set to true, the user password is cleared, which means that only external authentication is allowed (for example via an LDAP server). The default value is false. |
| lastLoggedIn | read-only | The timestamp of the last login by this user (ISO 8601 format). |
| lastLoggedInMillis | read-only | The timestamp of the last login by this user (in milliseconds). |
| realm | read-only | The authentication realm that manages this user's credentials. |
| groups | optional | The defined groups to which this user belongs. |
| watchManager | optional | [Xray users only] Defines whether the user can manage watches. The default value is false. |
| policyManager | optional | [Xray users only] Defines whether the user can manage policies. The default value is false. |
| policyViewer | optional | [Xray users only] Defines whether the user can view policies. The default value is false. |
| reportsManager | optional | [Xray users only] Defines whether the user can manage Xray Reports on any resource type. The default value is false. |
| mfaStatus | read-only | Defines the multi-factor authentication (MFA) status of this user. NONE: MFA is not used. ENROLL: MFA is enabled but the user has not yet entered the verification code from the authenticator app. VERIFY: MFA is enabled and the user has been verified by the authenticator app. |
| status | read-only | Defines the current status of the user. INVITED: The user has been invited to join the JFrog platform by the administrator, but has yet to complete the process. ENABLED: The user is active and can access the platform. DISABLED: The user has been disabled (possibly due to a SCIM update from external providers which deactivated the user). LOCKED: The user has been locked out of the platform due to excessive incorrect login attempts. |

application/vnd.org.jfrog.artifactory.security.Group+json

{
  - "name": "dev-leads",
  - "description" : "The development leads group",
  - "autoJoin" : false (default, must be false if adminPrivileges is true),
  - "adminPrivileges" : false (default),
  ! "realm": "Realm name (e.g. internal, saml, ldap, crowd, scim)",
  ! "realmAttributes": "Realm attributes for use by LDAP",
  - "userNames" : [ "user1", "user2", "user3" ], // available from version 6.13 only for Update Group requests
  - "watchManager": false (default),
  - "policyManager": false (default),
  - "reportsManager": false (default),
  - "externalId" : "123"
}

| Property | Required | Description |
|---|---|---|
| name | optional | The name of the group. |
| description | optional | An optional description of the group. |
| autoJoin | optional | Defines whether new users should join this group automatically. The default value is false. Note: This property must be set to false if adminPrivileges is set to true. |
| adminPrivileges | optional | Defines whether the members of this group have administrator privileges. The default value is false. |
| realm | read-only | The authentication realm that manages this group's credentials. |
| realmAttributes | optional | Defines the configuration settings used to define how this group connects to and interacts with an LDAP server. |
| userNames | optional | An array of users to add as members to this group. |
| watchManager | optional | [Xray users only] Defines whether the users in this group can manage watches. The default value is false. |
| policyManager | optional | [Xray users only] Defines whether the users in this group can manage policies. The default value is false. |
| reportsManager | optional | [Xray users only] Defines whether the users in this group can manage Xray Reports on any resource type. The default value is false. |
| externalId | optional | If the group is managed by an external identity provider, this is the unique id generated by that provider. The externalId can be used to synchronize the group between the two different systems. |
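
The legend markers and the autoJoin/adminPrivileges rule can be checked on a User or Group body before it is sent. This is an added example, not JFrog code: the function name `lint`, treating read-only elements in a request as errors, and the set of flags reported as elevated are assumptions of the example.

```python
# Added example (not JFrog code): lint a User or Group body before sending it.
MANDATORY = {"user": {"email", "password"}, "group": set()}   # "+" in the legend
# "!" elements. "groups" and "realmAttributes" are left out because the page marks
# them read-only in the JSON but optional in the property table.
READ_ONLY = {
    "user": {"lastLoggedIn", "lastLoggedInMillis", "realm", "mfaStatus", "status"},
    "group": {"realm"},
}
BOOL_FLAGS = {
    "user": {"admin", "profileUpdatable", "disableUIAccess", "internalPasswordDisabled",
             "watchManager", "policyManager", "policyViewer", "reportsManager"},
    "group": {"autoJoin", "adminPrivileges", "watchManager", "policyManager",
              "reportsManager"},
}
# Flags this example reports as elevated (a review policy, not a JFrog definition).
ELEVATED = {"admin", "adminPrivileges", "watchManager", "policyManager", "reportsManager"}


def lint(kind, body, operation="create"):
    """Return (errors, warnings) for a 'user' or 'group' request body."""
    errors, warnings = [], []
    present = set(body)
    if operation in ("create", "replace"):      # "+" is optional only in update
        errors += [f"missing mandatory element: {k}"
                   for k in sorted(MANDATORY[kind] - present)]
    errors += [f"read-only element in request: {k}"
               for k in sorted(READ_ONLY[kind] & present)]
    for k in sorted(BOOL_FLAGS[kind] & present):
        if not isinstance(body[k], bool):       # e.g. the string "false"
            errors.append(f"{k} must be a JSON boolean, got {body[k]!r}")
        elif body[k] and k in ELEVATED:
            warnings.append(f"grants elevated role: {k}")
    if kind == "group" and body.get("autoJoin") is True:
        if body.get("adminPrivileges") is True:
            errors.append("autoJoin must be false when adminPrivileges is true")
        warnings.append("autoJoin: every new user becomes a member")
    return errors, warnings


# Constructed sample bodies.
risky_group = {"name": "dev-leads", "autoJoin": True, "adminPrivileges": True}
bad_user = {"name": "davids", "admin": "false", "status": "ENABLED"}
print(lint("group", risky_group))
print(lint("user", bad_user))
```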

application/vnd.org.jfrog.artifactory.security.PermissionTarget+json

Permissions are set/returned according to the following conventions:

m=admin; d=delete; w=deploy; n=annotate; r=read; mxm=managedXrayMeta; x=distribute

name is limited to 64 characters

includesPattern/excludesPattern are limited to 1024 characters

{
  - "name": "populateCaches",
  - "includesPattern": "**" (default),
  - "excludesPattern": "" (default),
  + "repositories": ["local-rep1", "local-rep2", "remote-rep1"], // Permission targets are not supported for Virtual repositories.   
  - "principals": {
        "users" : {
          "bob": ["r","w","m"],
          "alice" : ["d","w","n", "r"]
        },
        "groups" : {
          "dev-leads" : ["m","r","n"],
          "readers" : ["r"]
        }
    }
}

| Property | Required | Description |
|---|---|---|
| name | optional | The name of the permission target. |
| includesPattern | optional | A regex pattern that defines which repositories to include in this permission. The default is "**" (all). |
| excludesPattern | optional | A regex pattern that defines which repositories to explicitly exclude from this permission. The default is "" (none). |
| repositories | mandatory | Defines the local and remote repositories included as resources for this permission. Note: Virtual repositories are not supported. |
| principals | optional | Defines the actions permitted to each user and group. |

application/vnd.org.jfrog.artifactory.security.PermissionTargetV2+json

Permissions are set/returned according to the following conventions:

read, write, annotate, delete, manage, managedXrayMeta, distribute

You can specify the name "ANY" in the repositories section in order to apply to all repositories, "ANY REMOTE" for all remote repositories and "ANY LOCAL" for all local repositories.

{
  - "name": "java-developers",
  - "repo": {
      - "include-patterns": ["**"] (default),
      - "exclude-patterns": [""] (default),
      + "repositories": ["local-rep1", "local-rep2", "remote-rep1"],
      - "actions": {
          "users": {
            "bob": ["read", "write", "manage"],
            "alice": ["write", "annotate", "read"]
          },
          "groups": {
            "dev-leads": ["manage", "read", "annotate"],
            "readers": ["read"]
          }
        }
    },
  - "build": {
      - "include-patterns": [""] (default),
      - "exclude-patterns": [""] (default),
      + "repositories": ["artifactory-build-info"] (default, can't be changed),
      - "actions": {
          "users": {
            "bob": ["read", "manage"],
            "alice": ["write"]
          },
          "groups": {
            "dev-leads": ["manage", "read", "write", "annotate", "delete"],
            "readers": ["read"]
          }
        }
    },
  - "releaseBundle": {
      - "include-patterns": ["**"],
      - "exclude-patterns": [],
      + "repositories": ["release-bundles"],
      - "actions": {
          "users": {
            "user_name": ["read", "write", ...]
          },
          "groups": {
            "group_name": ["read", "write", ...]
          }
        }
    }
}

| Property | Required | Description |
|---|---|---|
| name | optional | The name of the permission target. |
| repo | optional | Defines which repositories are included in this permission and the actions that can be performed by each user and group. Include and exclude patterns are supported. |
| build | optional | Defines which builds are included in this permission and the actions that can be performed by each user and group. Include and exclude patterns are supported. |
| releaseBundle | optional | Defines which Release Bundles are included in this permission and the actions that can be performed by each user and group. Include and exclude patterns are supported. |
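
A permission target in either format can be reviewed for broad grants before it is applied. This is an added example, not JFrog code: the function names, the choice of which actions count as mutating, and the pairing of the v1 letters "m" and "w" with the V2 names "manage" and "write" (inferred from the page's parallel examples) are assumptions of the example.

```python
# Added example (not JFrog code): review a permission target for broad grants.
WILDCARD_REPOS = {"ANY", "ANY LOCAL", "ANY REMOTE"}      # names listed on the page
MUTATING = {"write", "delete", "manage", "distribute"}   # review policy (assumption)
# v1 letters from the page; pairing "m" and "w" with "manage" and "write" is
# inferred from the page's parallel v1 and V2 examples.
V1_LETTERS = {"r": "read", "w": "write", "n": "annotate", "d": "delete",
              "m": "manage", "mxm": "managedXrayMeta", "x": "distribute"}


def normalise(actions):
    """Map v1 letters to V2 names and reject anything neither format defines."""
    names = {V1_LETTERS.get(a, a) for a in actions}
    unknown = sorted(names - set(V1_LETTERS.values()))
    if unknown:
        raise ValueError(f"unknown action(s): {unknown}")
    return names


def sections(target):
    """Yield (section, repositories, principals) for a v1 or V2 document."""
    if "principals" in target:                      # v1: one implicit repo section
        yield "repo", target.get("repositories", []), target["principals"]
    for section in ("repo", "build", "releaseBundle"):   # V2 sections
        body = target.get(section) or {}
        if body:
            yield section, body.get("repositories", []), body.get("actions", {})


def review(target):
    """Return sorted (section, principal, reason) findings."""
    findings = []
    for section, repos, principals in sections(target):
        wildcard = sorted(WILDCARD_REPOS & set(repos))
        for kind in ("users", "groups"):
            for name, actions in principals.get(kind, {}).items():
                granted, who = normalise(actions), f"{kind[:-1]}:{name}"
                if "manage" in granted:
                    findings.append((section, who, "holds manage (admin) on this target"))
                broad = sorted(granted & MUTATING)
                if wildcard and broad:
                    reason = f"{'/'.join(broad)} on {', '.join(wildcard)}"
                    findings.append((section, who, reason))
    return sorted(findings)


# Constructed V2 sample: the page's "bob" grant moved onto the "ANY LOCAL" name.
v2_sample = {"name": "java-developers",
             "repo": {"repositories": ["ANY LOCAL"],
                      "actions": {"users": {"bob": ["read", "write", "manage"]},
                                  "groups": {"readers": ["read"]}}}}
print(review(v2_sample))
```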