I have setup an instance of Artifactory (4.1.2) which I am using to store java artefacts. I push artifacts to the instance using the gradle plugin configured as below
artifactory {
contextUrl = 'http://example.com/artifactory'
publish {
repository {
// The Artifactory repository key to publish to
repoKey = 'libs-release-local'
username = artifactory_username
password = artifactory_password
}
defaults {
publications('releaseJar')
}
}
}
I want to be able to prevent overwriting already deployed artefacts by version. This seems to be a common request and the docs say
You can prevent a user or group from overwriting a deployed release or unique snapshot by not granting the Delete permission. Non-unique snapshots can always be overwritten (provided the Deploy permission is granted).
However, I have set up a deploy user which is in groups 1 | deployers
with related permissions 1 | CanDeploy.
The CanDeploy permission has Deploy/Cache permissions for the deployers group only.
However! I can overwrite the deployed artifact to my hearts content using gradle artifactoryPublish.
Any advice would be gratefully received :)
EDIT: Since asking this question the functionality has started working as desired. This is very weird as I had not changed the Artifactory settings at all but is now returning a 403 when I try to upload an artifact with the same version num as is already deployed. I can only presume there is something weird regarding caching of access permissions or something which resulting in my changes via the web UI not becoming effective for a day or two - unnerving but its currently working. Will leave question up for the moment while I ensure its working!
The easiest way to check the permissions are set is in the "Effective Permissions" tab in the browser UI.
When selecting the "releaseJar" repo, if you see the "delete" permission checked on the "deploy" user than you may have another permission target giving the delete permission to this user.
You can see the list of permission target used by a single user in the "Users" page.
Hope this helps.
Related
I need to Disable directory listing in .
Any suggestions ?
I tried to search for result in google but didn't find any
I only found a way that you can block the connection to the URL but this isn't what i need
If you are looking to disable the directory-listing for particular users, then you can achieve this by adding providing the repository path exclude-pattern at the permission target end.
In the below example, I have enabled anonymous user access only to specific packages, Please refer below steps for the same:
I have created a PyPI local repository, deployed python packages into it as shown in the below screenshot:
screenshot
After this, created a permissions target to restrict access to a specific folder called st-fraud-infra to the anonymous user. Hence added st-fraud-infra/** as a exclude pattern, kindly refer to the below screenshot for the same:
screenshot
Add anonymous users from the Users tab and provided appropriate permissions based on your requirement.
screenshot
Once you saved the permission target while accessing the Artifactory through the anonymous user, I could not see the excluded folder which is st-fraud-infra.
screenshot
I am using Nexus OSS 2.13.0-01. I want to restrict Artifact Upload for a single user to a single repository (All other users should not be able to upload Artifacts to any of the repositories).
I followed the documentation to create custom repository target, custom privileges and custom roles. However, I see that 'Artifact Upload' is a Privilege of the type 'Application'. If I understand it right, I can not make 'Artifact Upload' applicable to a single Nexus repository but on the entire Nexus Application.
Hence, I am getting 'Artifact Upload' tab for every repository in Nexus and not a single repository.
How do I achieve it?
Cheers,
Anantha
The "artifact upload" privilege controls whether or not the upload UI tab is visible. It does not grant privileges to actually upload anything, for that the user needs create or update privileges in the repository.
It is not practical to make the upload UI appear and disappear based on whether a user has write privileges. Checking to see if user has upload permissions is actually quite complex when you consider how nexus repository permissions work. They consist of...
Repository Targets:
A regular expression describing patterns of artifacts that can be
uploaded (e.g, "/com/foo/somecompany/someproject/.*"
A repository type which is allowed (e.g, "maven2", or "any content".
Repository Target Privileges:
A repository target
A repository where the target applies, or "all repositories"
Further complicating matters is that repository privileges are transitive. Privileges applied to group repositories also apply to the groups member repositories. So a privilege granted for a group repository is also granted for the groups members.
So in the general case we can't tell if a user has permission to upload something until they actually try to upload it.
i know that people couldn't say that this is trivial, but i have search for days in internet and can not be able to do this.
i am using visual studio 2010 ultimate and have created my setup with setup and deployment of vs 2010.the problem is that i have an application folder which contains my database and which is deployed with my application. When i deploy it in administrator part of computer, all is correct, i devined that it is due to fullcontrol permission of administrator programfiles folder.But when i deploy it in another account, application don't has access to database for writting. i looked for the web site and understood that this is due to programfiles folder permission for others users.So i decide to do another research in order to give more rights to users for this folder.
I finally understood that i can achieve this with authoring tools like robocopy by using custom action or with a command line by just correctly write my custom action. After more researchs, i understood that i can do it with a command line which use robocopy and give folder permission during installation for this custom action or only with custom action.
for custom action, i tried many links, but the best link that i obtained was (How to give Read/Write permissions to a Folder during installation using .NET) without success (i change /folder="[CommonAppDataFolder][ProductName] with /folder="[CommonAppDataFolder][Manufacturer][ProductName] in customactiondata" due to the fact that product name is in my manufacturer folder").i don't understand why this code don't change folder permissions during installing and don't know how i can use robocopy or icalcs in custom action to change folder permissions during installation. my setup and others requirements have been packaged with dotnetInstaller, i dont know if i can be able to continue use it.
please, i greatly need your help to be able to do this
i have solved the problem. After many trying, i understood that i was giving permission to the wrong folder because my documents and database were contained in programfile folder. after understand this, i only change the place to set permission by :/folder="[ProgramFilesFolder][Manufacturer][ProductName]" and permission have been setted.
We have a situation, where a node (It was a client lib folder) got deleted from AEM repository, not sure which user did this. I was looking, if AEM stores Node/Folder deletion history somewhere, so that we can identify, who had taken action of deleting the node.
Few options I tried/was thinking of
Tried to check logs, if there some info, but on creation or deletion of node, didn't see any logs with node name
Have a content change listener on repo, but that will load AEM un-necessarily. Also this will not give information on nodes which were deleted before listener was registered.
Is there a audit log or history stored for deleted nodes in AEM?
Yes AEM can store and provide audit log entries for WCM events like e.g. page modifications.
But it requires the audit logger to be enabled (through the configuration admin console /system/console/configMgr).
If this is the case then check either the audit.log file in your logs directory or the audit records below /var/audit
If it is a client lib folder that got deleted, then audit log won't help you much because it logs pages/dam creation/changes/deletion events.
You need to write your own listener for that, which will just make the repository grow.
I can only think of it happening on a dev like env as write access to /etc or /apps should be restricted on prod like envs.
Anyway to restore the content just reinstall the package through which the clientlib got installed.
I followed Backup and restore method in alfresco share instead of import/export. It is now working as i expected in new Alfresco, i can see the content in sites, can view files in site document library, can view events, workflow,users,groups and so on. Everything goes fine except that the repository is not loading, but When i search for files in repository it is showing "3 result(s) found in Quality site."...but it is not displaying those files.
In my old Alfresco i have set permissions for folders in repository...will it cause any error to load repository in my new alfresco?
It shows following error when i close my server...
log4j:ERROR LogMananger.repositorySelector was null likely due to error in class reloading, using NOPLoggerRepository.
Kindly look into my issue and give some suggestion......
that error means that the log4j tries to log something in the log file of the webapp but Tomcat already shut down. have you sufficient/right permissions on the new restored alfresco installation?
If you followed correctly the backup/restore procedure from the wiki, the permissions on nodes of the repository also come together. But, if you want to reset and rebuild all the permission, you could perform a FULL reindex with the string appended to alfresco.global.properties:
index.recovery.mode=FULL