I've been wondering what the exact difference between the "view" and "read" privileges in Sonatype Nexus is. Could somebody please clarify?
Many thanks!
The "read" privilege allows artifacts to be downloaded. The "view" privilege allows a user to see artifacts in the UI (assuming they also have the needed "read" privilege").
Related
After upgrading to macOS Catalina with latest Xcode 11, I am not able to read files directly from user path when doing unit testing, example:
PROJECT_DIR + "/FolderX/myFile.json",
I keep getting error Thread 1: EXC_BAD_ACCESS (code=1, address=0x8)
This is also happened when I am trying to open a couchbase lite database with custom path.
Error:
error opening!: 14
Cannot open database, Error : Error Domain=SQLite Code=14 "unable to open database file" UserInfo={NSLocalizedDescription=unable to open database file}
I believe this is an issue due to the read write access between my simulator and the latest Catalina.
My current workaround is to add my files and database to target membership and read the files directly from [NSBundle bundleForClass:[self class]].bundlePath.
Is there any better fix to this? Like tweaking any setting to allow it to read files from custom path like in older versions?
You might try looking in SystemPreferences > Security&Privacy > Privacy tab. From there, scroll down to "Files and Folders" <-- There's where you can see programs and the folders they have been granted access to in Catalina.
Personally, I didn't have time to waste figuring out how the new file permissions are supposed to work, so I let Xcode have full disk permission. (Right above the "files and folders" is "Full Disk Access".
Of course, that solved all my issues... after I get a chance to play with the new file permissions, I may revoke that access and give it explicit folder access.
Well if anyone is still struggling with this, I've moved all my projects outside of ~/Documents/
it is strange that projects under ~/Documents/ doesnt get asked for read permission, other paths do!
I end up putting all my projects under ~/workspace/
** for those who doesnt know, ~/ means /Users/{your username}/
Check your File Access settings in the App Sandbox in your project's settings, under Signing and Capabilities. For example, I couldn't access files in /Users/Bert/Downloads, even after turning on Full Disk Access in Security and Privacy in System Preferences. I had to grant read access to the Downloads Folder in App Sandbox settings.
Can I give another person publishing rights to my deployment? If so, how?
I tried adding the other person to 'Admins' of that deployment, but at least the rights haven't updated, as I did it approx. 30 minutes ago. I also just published it, and the rights have not updated.
Of course, they could make their own deployment, but then the URL would change. Is there a way to solve this?
This appears to be a bug -- Google's documentation about App Maker describes the ability to do this in detail, but there are no such actions visible in the app.
That documentation says "A project owner also has full access to the data in all deployments of the app, even if the project or deployments restrict the owner from having that access (because the project owner can give themself access)." and "An app owner can take ownership of a deployment." and even has a section "Take ownership of a deployment" saying "If the owner of a deployment edits or republishes a deployment that an editor originally published, this takes ownership of the deployment."
We can report this to google.
I am trying to setup a Nexus OSS 2 Repository with Repository Targets.
Reading the documentation, it implies I should be able to set a repository target with pattern "^/a/b/c/.*" and grant the appropriate CRUD permissions (specifically Read) and assign it to a user or role.
I assumed that if I grand this permission that a user can use the nexus UI to browse to each node of /a/b/c and download anything at or below "c".
However, to get this to work I need to grant all of the following patterns:
^/
^/a/
^/a/b/
^/a/b/c/
^/a/b/c/.*
Is this correct or a bug?
I assume that this has to do with the REST API to expand the tree nodes... accessing the a.b.c|xyz.jar directly with maven probably would work.
This is expected, you need to adjust the regular expression to allow browsing, see here:
https://support.sonatype.com/hc/en-us/articles/213464568-Browse-storage-doesn-t-work-for-users-with-restricted-read-access-
I have a requirement to implement the advance search in sonatype nexus. Can I create the custom keyword to search an artifacts in Nexus? As an example I am looking for all the artifacts uploaded by user "X". In the same way I may have different key to search the artifacts.
Can someone please give me a pointer?
Thanks,
Sanjiv
This is currently not possible with Nexus Repository Manager 3. The user who uploaded an artifact is saved but not to metadata currently. You may file an issue at https://issues.sonatype.org/projects/NEXUS to express interest in this functionality, however.
I am building a Web Application that will be installed many times. The application needs to be able to save certain setting itself upon request.
I have an installer (InnoSetup) but I want to very careful about what permissions I give the Web Application.
I can't use a database.
A default install always leaves the web.config as read-only. (Most secure)
The registry can be problematic. Unless there is a set of keys a DotNet webapp can always write to by default (IIS_IUSR)...
I was considering App_Data, but the default permissions are no longer useful and Inno-Setup can't easily fix it correctly:
https://support.microsoft.com/en-us/kb/2005172
Security and Ease of Setup are both big issues..
I also don't want to make a mess of the machines I install to.
A FAILED solution was to write to the user portion of the registry:
Microsoft.Win32.Registry.CurrentUser.CreateSubKey("Software\\MyCo\\MyApp\\");
var reg = Microsoft.Win32.Registry.CurrentUser.OpenSubKey("Software\\MyCo\\MyApp", true);
reg.SetValue("MyValue", (string)dataString, Microsoft.Win32.RegistryValueKind.String);
But I found out that writing to HKEY_CURRENT_USER is also not allowed by default on Server 2012 and likely others. The server error page is helpful and gives options such as explicitly giving the IUSR_{MachineName} explicit permission but this is a no go for me.
So my final solution is to have the installer create a user configurable folder and then assigning all users Read/Write access to that folder. The administrator can always lock it down more if they want.
If anyone has a better option then let me know.
With InnoSetup I created a new Wizard page to suggest and collect a Data folder from the user. The installer then:
Created that folder and gave All Users Read/Write access,
Added a HKLM registry key telling the Web App where to look for the folder,
Notified the user that they should lock the folder down further to prevent abuse.