ARTIFACTORY: Permissions to use user plugins (“You are not permitted to execute ” error)

Ahmad Zeidan
2023-01-22 11:10

Permissions to run User Plugins in Artifactory are granted only for admin users by default. Other non-admin users are not permitted to run User Plugins by default. 

In case you wish to grant these permissions to non-admin users or groups, you may follow these steps: 

Some User-plugins have the users declared in the plugin script itself, for example:

deleteEmptyDirs Plugin:
 deleteEmptyDirsPlugin(version: '1.1', description: 'Deletes empty directories', users: ['admin'].toSet()) { params ->
deleteDeprecated Plugin:
 deleteDeprecatedPlugin(version: '1.0', description: 'Deletes artifacts marked with \'analysis.deprecated=true\' property', users: ['admin'].toSet())
You can simply add the name of the user you want to use next to the admin user (['admin','example-user']) Once the change is done, you will have to reload the plugin.

To reload the plugins:
 curl -v -i -u admin:password -X POST http://<IP>:8082/artifactory/api/plugins/reload
In some cases you may encounter the below error when a non privileged user is trying to run a user plugin:
 {
"errors" : [ {
"status" : 403,
"message" : "You are not permitted to execute 'deleteEmptyDirsPlugin'."
} ]

In that case, you may want to grant the non-admin user permissions to run that user plugin or use the admin user permissions to run the plugin. 

When using the artifactCleanup plugin, there is an additional step, which includes a group named ‘cleaners’, which the non-admin user must be a member of in case you want it to be able to execute this plugin.