Artifactory 5.x

Using Artifactory 6.x ?
JFrog Artifactory 6.x User Guide

Expand all Collapse all

Have a question? Want to report an issue?Contact JFrog support

Skip to end of metadata
Go to start of metadata

Overview

You can manage access to repositories by defining users, assigning them to groups and setting up roles and permissions which can be applied to both users and groups.

Creating and Editing Users

To manage users who can access repositories in your system, in theAdminmodule, selectSecurity | Users.


Page Contents

Create a new user by clickingNewat the top of the users table.

Only administrators can create users

To create users you must be an administrator (unless you are using external authentication such as LDAP)


Add new user

In theNew User(orEdit User) dialog you can set theUser Name,Email AddressandPasswordfor the user as well as the following parameters:

Admin
 When set, this user is an administrator with all the ensuing privileges. For more details please refer toAdministrator Users.
迪sable UI Access
 When set, this user can only access Artifactory through the REST API.
Can Update Profile

When set, this user can update their profile details (except for the password. Only an administrator can update the password).

There may be cases in which you want to leave this unset to prevent users from updating their profile. For example, a departmental user with a single password shared between all department members.
迪sable Internal Password
 When set, disables the fallback of using an internal password when external authentication (such as LDAP) is enabled.

Artifactory stores passwords as hashes or encrypted hashes.

If the user has generated an API key, you can revoke it from theActionsmenu.

Revoke API key

Administrator Users

管理员用户是Artifactory作为“根" is to UNIX systems. Administrators are not subject to any security restrictions, and we therefore recommend to create a minimum number of administrators in your system.
You can control which permission-targets administrators have access to thereby assigning responsibility for a specific repository path. For details please refer toManaging Permissions.

The Default Admin Account

The default user name and password for the built-in administrator user are:admin/password.
You should change the password after first log in. If you forget the admin account password, you can recover it. Please refer toRecreating the Default Admin User.

The Anonymous User

Artifactory supports the concept of anonymous users and installs with a pre-definedanonymoususer to which you can assignpermissionsjust like for any other user.

Anonymous access can be controlled underSecurity General Configuration.SetAllow Anonymous Accessto activate the anonymous user. The anonymous user must be activated before you can fine tune its permissions.

When anonymous access is activated, anonymous requests can download cached artifacts and populate caches, regardless of other permissions defined.

Creating and Editing Groups

A group represents a role in Artifactory and is used with RBAC (Role-Based Access Control) rules.

To manage groups, in theAdminmodule selectSecurity | Groups.

Group Management


Create a new group by clickingNewat the top of the groups table.

Add new group

You must assign a unique name to each group and can add an optional description

Default Groups

When creating (or editing) a group you can setAutomatically Join New Users to this Group.

When this parameter is set, any new users defined in the system are automatically assigned to this group.

This is particularly useful if users are defined automatically and you want them to be assigned to certain groups. For example, when using external authentication such as LDAP, users are automatically created on successful login and you can use this parameter to assign these users to particular groups by default.

Admin Privileges for a Group

IfAdmin Privilegesis set, any users added to this group will automatically be assigned with admin privileges in the system.
For reasons of security when Admin Privileges is set,Automatically Join New Users to this Groupis disabled so that new users are not automatically provided with admin privileges.

User Management

There are two ways to manage users' assignment to groups:

  1. Setting the groups for a user
  2. Setting the users for a group

Setting permissions

In both cases, you can assign corresponding permissions to the user or group respectively on the same screen. For more details please refer toManaging Permissions.

Setting Groups for a User

You can assign and remove a user from groups when the user is created or by editing user's details later.

In theAdminmodule, underSecurity | Users, from the list of users, select the user you wish to assign to or remove from groups.

In theRelated Groupssection of the form, you can set which groups the user should be assigned to.

Related Groups

Setting Users for a Group

You can assign and remove a users from a group by editing the group's details.

In theAdminmodule, underSecurity | Groups, from the list of groups, select the group you wish modify.

In theUserssection of the form, you can set which users should be assigned to the group.

Manage group users

Recreating the Default Admin User

If you are unable to obtain administrator access, you will need to recreate the default administrator user in order to be able to manage users of your system using the following steps::

  1. Obtain a security configuration file
  2. Reset the admin password
  3. 正确的地方的安全配置文件

Obtaining a Security Configuration File

The security configuration file is calledsecurity.xml.

If your instance of Artifactory is configured to performbackupsautomatically, you can find it in the root backup folder.

If Artifactory isnotconfigured to perform backups automatically you need to force creation of a newsecurity.xmlfile as follows:

  • Remove the file$ARTIFACTORY_HOME/data/.deleteForSecurityMarkerand restart Artifactory.
  • Make sure that Artifactory completes the startup sequence without interruption
  • The security configuration file with the current time stamp can be found in$ARTIFACTORY_HOME/etc/security.


Please note:

This process is available for Artifactory versions below 5.6.


Resetting the Admin Password

Reset the admin password as follows:

  • Make a copy of thesecurity.xmlfile you obtained in the previous section

  • In the copy, edit the admin's password field and enter the password hash code (according to your version of Artifactory) as follows:

    Admin password hash code 
    For version 3.x and above: 1f70548d73baca61aab8660733c7de81 For version 2.x: 5f4dcc3b5aa765d61d8327deb882cf99

Replacing the Security Configuration File

  • Place the modified security configuration file under$ARTIFACTORY_HOME/etc
  • Rename the file tosecurity.import.xml
  • Restart Artifactory

Once Artifactory has completed its startup sequence you will be able to login using the default admin user credentials:

User

 admin

Password

 password

迪sablingRemember Meat Login

The Artifactory login screen includes aRemember Mecheckbox. If the user sets this checkbox when logging in, Artifactory will store a cookie in the browser for a period of 7 days allowing the user to be logged in automatically when starting up Artifactory.

Once the cookie expires, the user will have to log in again.

Remember Me

An Artifactory administrator can disable this feature and force all users to enter their credentials at every login. To do so simply add the following property to$ARTIFACTORY_HOME/etc/artifactory.system.propertiesand restart Artifactory:

artifactory.security.disableRememberMe=true
  • No labels