nexus3 setting wildcard privilege to read & run a single task

[Frank Black]

Hi All,

I'm trying to figure out how to set up a wildcard privilege to do 2 simple things. I want to restrict the user to only those 2 things for security reasons:

1. Execute a task called "backup_db" that exports the configuration & metadata for backup

2. Enables and disables read-only mode.

I was looking at this article from Peter https://support.sonatype.com/hc/en-us/articles/115004173868-Repository-Manager-3-x-Security-Reference

I can't seem to figure out what to write for step 1. I was thinking something like: "nexus:tasks:Name_Of_task:start,stop" but that doesn't work. Is there a way to list all of the options that are available? I know there's a "nx-tasks-run" default privilege, but I really want to limit this user to the "backup_db" task.

For step 2, i'm at a complete lost.I don't know what the action might be. "nexus:nodes:..." ?

Thanks for your help,

Frank.

[sgl...@integralads.com]

One thing you could do is run the task via scripting.  You could then create an nx-script-<name of your script>-run permission and assign the user to it.

[Frank Black]

Thanks, that would work. I'm not familiar enough with groovy to do that myself though. For part #2 to put the system in read-only mode, looking at the logs, it looks like it requires privileges nexus:* so I think i'm stuck using an admin account for this?

[Alastair Montgomery]

Was trying to figure out the same thing, Sonatype support confirmed the "readonly" mode can only be activated by an adminstrator (admin/ nx-all) user.

[Frank Black]

It would be nice if they could add a specific role for enabling read-only mode.

I gave up on task #2. I did not want to have an admin user hard coded in a script that does this daily so I'm just hoping there's not too many changes between the time I backup the database vs backing up the blob stores.