How to set path-based permissions for users/groups in Artifactory?[Video]

Nir Ovadia
2021-02-02 19:50


Video Transcription

Hello, this is Nir from JFrog support, and today we’re going to talk about how to set path based permissions for a user or group. So we go to our Artifactory instances. You can see here. And let’s say I have a team of RPM devs, and I want to give them permissions to specifically only really see the RPM repository, and even more specifically, only see this seven slash atomic path, because that’s what they’re going to be working on, so I don’t want them messing around with other projects or other people’s things.

This team is only for this a seven slash atomic repository. So what we can do is, first of all, you need a user, which I’ve already created. We have this user Alex, and he’s in our team one group, which is going to be our RPM team. And so, we have to make permissions for that.

So, we can give him read permissions and deploy and such permissions, but how do we set it specifically for that path? And that’s where path-based permissions come in. So, let’s talk about it.

Let’s create a name for our permission, RPM-Devs, and what we’re going to do is add our RPM repositories in here. And now what we see here, in these include patterns and exclude patterns, these are the paths. These are ant-like expressions to create a path or exclude a path from our permissions.

So currently, this star star means that everything is, it’s applied on everything. So what we want to do is, if we do something like this, this expression says only in these RPM repositories, only this path will have the permissions that we apply here, and you can see that here.

So, that might sound a bit confusing, and here I’ll show you. Let’s add our user. Can also add groups, whichever one you want, or both. And we’ll add our permissions and now we’ll log in as Alex. [inaudible 00:02:19]. Let’s press okay on that.

And so, here now we only see these RPM repositories because those are the only ones we have permissions for. Before this, we had no permissions on anything. So we open this up and you see, of that giant RPM repository, we only see the seven atomic folder, and here we see the information inside of it.

So, we only have permissions for this, but this is my, these are my devs, and there’s this repo folder that I don’t really want them to mess around with too much. It has this password file and things like that. So, what I’m going to do is… Let’s go back to our admin user that can affect permissions.

And so, we showed how to do an include on the path. Now let’s do an exclude. So we go back to our RPM-Devs. And we’ll edit this. And these exclude patterns, we’re going to do something like seven atomic. Now it’s important that I do this slash star star instead of just star star, like this, and I’ll show you why, but I’m going to add this pattern so this path is excluded.

Let’s logout and go back to Alex. And now, theoretically, this repo folder that we saw in there should be gone and we wouldn’t even know it exists. I mean, you can set your past, or not your past, your permissions to have read access on one, but not delete and things like that so you could still see it, but not mess with it. But currently, we don’t see it because we removed all permissions from it because of the exclude pattern.

And another thing is, we made sure not to repost our star because that would have also taken out this repo data, which we want to keep. That’s why we did the repo slash star star. And that’s basically it for path-based permissions. You can layer them one on top of the other, multiple permission targets on top and really customize how you work with your teams and your repositories. So, that’s all. Thank you very much.