Archiva Security Roles

This document explains the Security Roles present in Archiva and how they are used.

NOTE: Archiva security is only enforced in the webapp.


Permanent Roles

| Role Name | Permissions | Child Roles |
|---|---|---|
| System Administrator | P( archiva-manage-users, * ) | Global Repository Manager |
| | P( archiva-run-indexer, * ) | |
| | P( archiva-regenerate-index, * ) | |
| | P( archiva-access-reports, * ) | |
| User Administrator | P( archiva-manage-users, * ) | - |
| Global Repository Manager | P( archiva-manage-configuration, * ) | |
| | P( archiva-edit-configuration, * ) | |
| | P( archiva-add-repository, * ) | |
| | P( archiva-edit-repository, * ) | |
| | P( archiva-delete-repository, * ) | |
| Global Repository Observer | P( archiva-read-repository, * ) | |
| Registered User | | |



Dynamic Roles

| Role Name | Permissions | Child Roles |
|---|---|---|
| Repository Manager | P( archiva-add-repository, dynamic_repository_id ) | |
| | P( archiva-edit-repository, dynamic_repository_id ) | |
| | P( archiva-delete-repository, dynamic_repository_id ) | |
| | P( archiva-read-repository, dynamic_repository_id ) | |
| Repository Observer | P( archiva-read-repository, dynamic_repository_id ) | - |

Logical Explanation of Roles

System Administrator: access to everything
User Administrator: access to manage users and their role assignments
Registered User: access to edit their personal information
Global Repository Manager: has administrative access to set up and maintain managed and proxy repositories, as well as manage content in the repository
Global Repository Observer: has complete access to read contents of all repositories
Repository Manager - X: has rights to manage content in the X repository
Repository Observer - X: has rights to read content in the X repository
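
The role tables above can be evaluated mechanically to see what each role actually grants once child roles are followed. The Python below is an added example, not Archiva's own code: the function names, the "Template - repository id" naming for dynamic roles (taken from the list above), and the treatment of `*` as "every resource" are assumptions.

```python
# Role tables transcribed from this page: role -> (permissions, child roles).
# A permission is (operation, resource); "*" is assumed to mean every resource.
PERMANENT = {
    "System Administrator": ([("archiva-manage-users", "*"),
                              ("archiva-run-indexer", "*"),
                              ("archiva-regenerate-index", "*"),
                              ("archiva-access-reports", "*")],
                             ["Global Repository Manager"]),
    "User Administrator": ([("archiva-manage-users", "*")], []),
    "Global Repository Manager": ([("archiva-manage-configuration", "*"),
                                   ("archiva-edit-configuration", "*"),
                                   ("archiva-add-repository", "*"),
                                   ("archiva-edit-repository", "*"),
                                   ("archiva-delete-repository", "*")], []),
    "Global Repository Observer": ([("archiva-read-repository", "*")], []),
    "Registered User": ([], []),
}
# Dynamic role templates: instantiated once per repository id.
DYNAMIC = {
    "Repository Manager": ["archiva-add-repository", "archiva-edit-repository",
                           "archiva-delete-repository", "archiva-read-repository"],
    "Repository Observer": ["archiva-read-repository"],
}

def resolve(role):
    """Return (permissions, children) for a permanent role or 'Template - repo_id'."""
    if role in PERMANENT:
        return PERMANENT[role]
    template, sep, repo_id = role.partition(" - ")
    # A repository id of "*" is rejected so a dynamic role can never become global.
    if sep and repo_id not in ("", "*") and template in DYNAMIC:
        return [(op, repo_id) for op in DYNAMIC[template]], []
    raise KeyError(f"unknown role: {role!r}")

def effective_permissions(roles):
    """Union of permissions over the assigned roles and all their child roles."""
    perms, seen, stack = set(), set(), list(roles)
    while stack:
        role = stack.pop()
        if role in seen:  # guards against cycles in child-role links
            continue
        seen.add(role)
        own, children = resolve(role)
        perms.update(own)
        stack.extend(children)
    return perms

def is_allowed(roles, operation, resource):
    """Deny by default; allow on an exact resource match or a '*' grant."""
    perms = effective_permissions(roles)
    return (operation, resource) in perms or (operation, "*") in perms
```

With the tables as transcribed, `is_allowed(["System Administrator"], "archiva-read-repository", "internal")` returns `False` (the repository id `internal` is a constructed sample), because no role in that chain carries archiva-read-repository; this is worth comparing against the "access to everything" description.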

Proposals

  1. Collapse P( archiva-edit-repository ), P( archiva-delete-repository ), and P( archiva-add-repository ) into a single permission P( archiva-change-repository )