So here is my scenario so I can see if it makes sense and might be supported at this point?
Scenario 1 I have 3 managed repositories. One has a proxy out to the Maven type repositories and holds all of our open source and maven related stuff. The second repository holds all of our licensed software and the third holds our internal build artifacts/applications. All users access the combined repositories via the proxy so for example http://localhost:8080/archiva/proxy . We would like to control on a group or perhaps artifact/version level who can use which things from the repository. For example you would need permission to use one of the licensed artifacts or perhaps we are just testing the latest version of Hibernate or Spring and don't want everyone to have access or perhaps there is a specific license that we deem risky and we want to limit the number of people using artifacts of that license (Initially by artifact or group but eventually it would be nice to have a record of license types to report on from within the repo). Scenario 2 We have an SCM team and we have repositories for each environment dev, qa, stage, train, prod. We only want members of the SCM team to be able to upload and download artifacts from that repository. Even though all of this is done via the proxy (except for the upload I believe). I know that some of this might be beyond what is there today or planned but those are some scenarios we are trying to support enterprise wide. Scott Ryan Chief Technology Officer Soaring Eagle L.L.C. [EMAIL PROTECTED] www.soaringeagleco.com (303) 263-3044 -----Original Message----- From: Jesse McConnell [mailto:[EMAIL PROTECTED] Sent: Friday, October 20, 2006 8:39 PM To: archiva-dev@maven.apache.org; [EMAIL PROTECTED] Subject: Re: Status of Security features its in and on the trunk. at the moment the permission assignments are static but with the next iteration of the plexus-security integration we'll have more dynamic permission creation for assigning to roles. I think we need to come up with some more stories about how archiva will be used in practice by different 'jobs' but there is a pretty decent first pass in place right now I think. feedback is of course, more then welcome :) jesse On 10/20/06, Scott Ryan <[EMAIL PROTECTED]> wrote: > I noticed a detailed discussion on rbac security and the roles and actions > associated with it. That looks like a very powerful feature. What is the > status of implementing this into Archiva? > > Scott Ryan > Chief Technology Officer > Soaring Eagle L.L.C. > [EMAIL PROTECTED] > www.soaringeagleco.com > (303) 263-3044 > > -- jesse mcconnell [EMAIL PROTECTED]