General Administration Activities in JFrog Artifactory

By Sruthy

By Sruthy

Sruthy, with her 10+ years of experience, is a dynamic professional who seamlessly blends her creative soul with technical prowess. With a Technical Degree in Graphics Design and Communications and a Bachelor’s Degree in Electronics and Communication, she brings a unique combination of artistic flair…

Learn about our editorial policies.
Updated October 30, 2024
Edited by Kamila

Edited by Kamila

Kamila is an AI-based technical expert, author, and trainer with a Master’s degree in CRM. She has over 15 years of work experience in several top-notch IT companies. She has published more than 500 articles on various Software Testing Related Topics, Programming Languages, AI Concepts,…

Learn about our editorial policies.

Deeply understand how to manage the most commonly used General Administration Activities in JFrog Artifactory. Analyze how these activities are performed by the project admin:

In this article, we will look at administering certain critical activities as part of your JFrog Artifactory Administration needs.

This tutorial will cover topics like creating users and assigning permission, creating permission targets, artifactory settings to enable folder downloads, trash can retention settings, adding custom messages, etc for the JFrog SAAS environment.

Typically the above activities are performed either by the Platform Admin or Project Admin.

=> In-Depth JFrog Tutorials for Beginners

General Administration Activities in JFrog: Must-Know Steps

JFrog Artifactory

JFrog Artifactory SAAS now has two User Interfaces (UI). One is Classic UI and the other is New UI (Currently in Beta).

The admin activities can be done as per Platform configuration in the new UI and in Classic UI it is the old Administration TAB. You can switch between the UI from the Profile menu.

NewUI ClassicUI

Creating User and Assigning Permission

In this section let’s look at how User Management and Tokens in Artifactory can be managed from the Administration Tab. Login to the Artifactory URL and go to the Administration TAB.

#1) In the new UI, click on Platform Configurations -> User Management -> Users

In the classic UI, click on User Management -> Users

user management

#2) Click on + New user

#3) Enter a Username, email, and password (scroll below to provide the same)

Enter a Username, email, and password

#4) If the user is supposed to be Admin then click on the role Administer Platform. Click on Save.

We still have not provided access to any repository for the user. To do this we need to create a Permission Target.

Also Read =>> What is GitHub and How to Create a Repository

Create Permission Target

This will provide users access to the repository.

#1) In the Administration Tab, click on Permissions under User Management.

Permissions

#2) Click on +New Permission. Provide a name and click on + Add Repositories.

Add Repositories

#3) Select a Local Repository for this permission target.

Local Repository
Repository

#4) Click OK.

#5) Click on the Users Tab and + under Selected Users

Selected users
Select users

#6) Click OK once you select all users.

#7) Select the appropriate permissions under the Repositories section and click on Create.

Select the appropriate permissions

Read permission will allow only to download artifacts that are already available in the remote cache. New artifacts will not be downloaded which are not available or do not exist in the remote cache.

Deploy permission will allow caching of artifacts from Dockerhub, and Maven central to the remote repositories in Artifactory

Admin users will have access to all repositories by default. Users can log in and start accessing the repositories. Normally if SAML Single Sign On is enabled then users will log in with their corporate ID and Password.

=>> Read SAML SSO – JFrog – JFrog Documentation to find out more about configuring SAML for your JFrog site.

Creating Identity Token

Creating any kind of token provides a flexible way of authentication. We will look at how it can be used, especially in pipelines or logins using docker. Using an Identity token is the preferred way.

#1) Go to the User Profile -> Edit Profile

Edit Profile

#2) Unlock your profile.

Unlock Profile

#3) Click on Generate an Identity Token.

Generate an Identity Token
Identity Token

Copy and Save the token locally. The tokens generated can be used for authentication for all of the package types and also used in CI/CD pipelines instead of passwords.

Locking and Unlocking User

Artifactory can be configured to lock a user’s account after a specified number of failed login attempts. In the new UI, this can be enabled under Administration -> Platform Configurations -> Platform Security -> General by checking the box ‘Lock User After Exceeding Max Failed Login Attempts’, and specifying the Max Failed Login Attempts field.

In the classic UI, the option can be found in Administration -> User Management -> Settings.

Locking and Unlocking user

Only a platform administrator can unlock the user’s account by clicking on the link given below in the Security configuration ‘Unlock All Users’.

Enabling Anonymous Access

Artifactory supports the concept of a pre-defined Anonymous user which can be used to download cached artifacts and also populate caches irrespective of the permissions defined.

For example, the team would like to enable anonymous access for local repositories but would like to know for remote repositories who downloaded certain artifacts. So anonymous access need not be enabled for remote repositories.

To activate an anonymous user in the new UI, go to Administration -> Platform Configurations -> Platform Security -> General. Enable the checkbox ‘Allow Anonymous Access’.

In the classic UI, the option can be found in Administration -> User Management -> Settings.

activate an anonymous user

Go to User Management -> Users. If you look at anonymous users, it is assigned to the Anything and Any Remote permission target by default.

user management

Remove permissions for both Anything and Any Remote for the anonymous user. Click on each of these permission targets and go to Users TAB. Click on Save once done.

Any Remote Permission Target

Any Remote Permission Target

Anything Permission Target

Anything Permission Target

Let’s look at how to implement the use case of providing Anonymous access to local repositories but specifying users for access to remote repositories. We will need to create 2 permission targets. One for each.

Permission target for local repositories – Anonymous access

Go to Administration -> User Management -> Permissions. Click on + New Permission.

In the Resources section, click on Add Repositories. Select the checkbox Any Local Repository and click on OK.

Resources section

Next, add the anonymous user with Read permission so that any anonymous request can read and access artifacts in all.

User with Read permission

Similarly, create a permission target for Remote repositories and select the check box Any Remote Repository while adding Repositories. Click OK.

Any Remote Repository

Now add specific users who will be able to access all remote repositories and also deploy artifacts to the remote cache. Click on Save.

add specific users

Artifactory Settings for Folder Download and Trash Can Retention

Artifactory provides 2 options, one for folder-level download from local repositories when using API with CURL command. The other is to ensure how long the artifacts once deleted from your local repository can remain in the trash can.

To set this in the classic UI, go to Administration -> Artifactory -> General -> Settings. Select the checkboxes for options as shown.

In the new UI, set this option in Administration -> Platform Configurations -> Artifactory Settings -> Settings

Artifactory settings

For example, downloading a folder.

curl -XGET -u niranjan:<Identity Token> “https://<Server>.jfrog.io/artifactory/api/archive/download/example-repo-local/doc?archiveType=zip” –output example-local2.zip

In the above command doc is the folder that we are trying to download only and not the contents of the entire repository.

Adding Custom Message for the Instance

To add any custom message at the instance level to communicate important information/messages to all Artifactory users in the new UI, go to Administration -> Platform Configurations -> Platform Management -> General. Enable the custom message settings and add the text. Click on Save once done.

custom message settings

In the classic UI, set this option in Administration -> General -> Settings

Adding Custom message settings

Maximum Size for Uploading Files

In organizations, there could be certain network/bandwidth restrictions concerning uploading and downloading files from SAAS platforms. To take care of these aspects we can set the maximum file size setting for uploading in Artifactory.

In the new UI, set this option in Administration -> Platform Configurations -> Artifactory Settings -> Settings

maximum file size setting

In the classic UI, go to Administration -> Artifactory -> General Settings. Set the size in MB as shown below.

Set the size in MB

Property Sets

Typically, when you want to tag a repository, you can use Property sets to define a property of single or multiple values. Property sets can also be used in locating items.

For example, we can tag a repository being used exclusively in India or European locations so that the teams have the clarity to upload any artifacts appropriately.

#1) To create a Property set in the classic UI, go to Administration -> Services -> Artifactory -> General -> Property Sets

Property Sets

#2) Click on New Property Sets.

New Property Sets

#3) Provide a name and click on New Record.

New Record

#4) Add a Property Name using the Single Select value and click on Save.

Property Sets4

#5) Click on Save in the main Property Set screen.

Property Set screen

Assigning Property Set to Repository

To assign a Property set to a repository, go to the Administration Tab -> Repositories. Go to the Advanced Tab of the repository and add the property set just created. Click on Save once done.

Property set to a repository

Apply the property set and value to a local repository

Go to the Application TAB, click on the local repository, and click on Properties -> Property set sub tab. You need not be an Admin to perform the below steps.

Property set

Select the Property set and value and click on Add. Selecting Recursive will be added to all folders and artifacts under the repository. The final view is shown below after selecting the Property set and values.

Select the Property set and value

Creating Projects

Normally in self-hosted and SAAS Artifactory, storage is an important aspect of pricing that has to be controlled. So it is very important to plan. Projects in Artifactory help to plan and control storage usage. With projects, you can add users/groups with Project Admin / Member privileges, assign repositories, etc.

#1) In the new UI to create a project, go to Platform Configurations -> Projects

Creating Projects1

In the classic UI to create a project, go to Administration -> Projects and click on Create New

Administration

#2) Provide a project name and key. Set the Storage quota as well.

Provide a project name and key

#3) Click on Create.

#4) Go to the Administration -> Repositories.

#5) Select the Local Repository and click on Assign Project.

Select the Local Repository
Assign Repositories

#6) Click on Assign To Project. Once assigned, the project admin can then add other members to the project.

Project Admin can click on Edit Settings to increase quota size and add members to the Developer role.

Edit Settings

In the screenshot, you can see multiple roles like Developer, Viewer, etc. JFrog Artifactory supports Role Based Access Control. Let’s look at Global and Project Roles.

Global roles apply to projects and are pre-defined. New Global roles cannot be created only new project roles specific to the project can be created

To view the Global roles in the Administration pane, ensure All Projects are selected from the Projects list in the taskbar.

Global roles

Now go to Administration -> User Management -> Global Roles. You can look at the access controls provided like Read/Write/Delete Artifacts and other controls.

access controls

Project Roles are a combination of Global roles and Customized roles. To create a project role you need to be a platform admin or a project admin.

From the projects drop-down list select the project for which to assign the role. At this level, go to User Management -> Roles

Roles

Click on + Create Project Role. Add the role name and select the appropriate controls/actions. Click on Create.

create project role

The role is now available for the project. Click on + Add Members and select the Tester role.

Add Members

Conclusion

In this very important article, we have seen the most commonly used General administration activities performed by the platform admin or the project admin.

The activities shown in this article from my experience have been used almost daily to administer the platform to support the project teams in their day-to-day development and deployment activities.

Suggested Reading =>> Most Popular On-premise and Cloud DevOps Tools

Hope this article can help you as a platform admin to effectively perform your activities.

PREV Tutorial | NEXT Tutorial

Was this helpful?

Thanks for your feedback!

Leave a Comment