You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@archiva.apache.org by "Jonathan Sharp (JIRA)" <ji...@codehaus.org> on 2015/03/11 18:44:18 UTC

[jira] (MRM-1170) Add a new role for "Delete artifact"

    [ https://jira.codehaus.org/browse/MRM-1170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=364827#comment-364827 ] 

Jonathan Sharp commented on MRM-1170:
-------------------------------------

@olamy no problem, I've been a little swamped with other work lately. I'll put it in a pull request as soon as I can. 

Where's the JIRA going to be migrated?

> Add a new role for "Delete artifact"
> ------------------------------------
>
>                 Key: MRM-1170
>                 URL: https://jira.codehaus.org/browse/MRM-1170
>             Project: Archiva
>          Issue Type: Bug
>    Affects Versions: 1.2
>         Environment: Repository on Unix
>            Reporter: Sonia Lodovichetti
>            Assignee: Olivier Lamy
>             Fix For: 2.2.1
>
>         Attachments: MRM-1170.patch
>
>
> It would definitely be a must to add a role for "delete artifact" and not  encapsulate in the Repository Manager role, maybe a Read-Write-Delete-Upload? permission style.
> Here is my use case:
> Here is the use case:
> With Archiva 2.1, there is now the "Delete Artifact" possibility in the UI, as long as you are a "Repository Manager", you have access to it.  In the past, we used the "guest" logon for everyone which was "Repository manager" for our snapshots and development repositories, hence no username/password in the settings.xml file.  And everyone could deploy to those repositories, and from the command-line (mvn deploy or mvn deploy:deploy-file) .
> Now we don't want everyone to go to the UI and have the possibility to delete artifacts from those repositories, so we can't give "guest" the "Repository manager" role for those repositories anymore, because if we do the "delete Artifact" functionality is enabled.
> We've then created a "deployment" user which has those roles, add it to the settings.xml file and make sure to find a way to "hide" the password!  



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)