More information on access configuration for each Gerrit repository in
:ref:`Create Nexus2 repos with lftools <create-repos-lftools>`.
+.. _nexus-users-roles:
+
+Users, Roles and Privileges
+===========================
+
+Users, roles and privileges are key to manage and restrict access into Nexus
+repositories. Anonymous users have read permissions, while administration teams and CI accounts
+have write and delete permissions.
+
+Sonatype's documentation on creating users, roles and privileges found in:
+https://help.sonatype.com/repomanager2/configuration/managing-users/, and
+https://help.sonatype.com/repomanager2/configuration/managing-roles/.
+
+For LF projects, a user per Gerrit repository exists matching the repository name.
+
+.. image:: _static/nexus-users.png
+ :alt: Nexus users.
+ :align: center
+
+Similarly, roles and privileges match the name of the Gerrit repository. The following
+privileges exist:
+
+* Repo All Repositories (Read)
+* <project-name> (create)
+* <project-name> (delete)
+* <project-name> (read)
+* <project-name> (update)
+
+.. note::
+
+ Where "<project-name>" matches the Gerrit name of the repository.
+
+.. image:: _static/nexus-roles.png
+ :alt: Nexus roles.
+ :align: center
+
+Add roles required for Nexus users:
+
+:<project-name>: Which groups the privileges mentioned above.
+:LF Deployment Role: To deploy into the Snapshots and Releases repositories.
+:Staging: Deployer (autorelease) For projects using the Staging Profile to create autoreleases.
+
+.. image:: _static/nexus-privileges.png
+ :alt: Nexus privileges.
+ :align: center
+
+.. note::
+
+ More information on users, roles and privileges configuration using lftools along with the
+ repos in :ref:`Create Nexus2 repos with lftools <create-repos-lftools>`.
+
.. _create-repos-lftools:
Create Nexus2 repos with lftools
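
Review bot: The last entry of the role field list, ``:Staging: Deployer (autorelease) For projects using ...``, will render with "Staging" as the field name and "Deployer (autorelease)" folded into the description, because the second colon closes the field name. Escape the inner colon and close the name after the parenthesis, for example ``:Staging\: Deployer (autorelease): For projects using the Staging Profile to create autoreleases.`` Two smaller points in the same hunk: the image placed after the privileges list is ``nexus-roles.png`` and the one after the roles list is ``nexus-privileges.png``, so please confirm the two are not swapped; and "Repo All Repositories (Read)" is listed under the sentence saying privileges match the Gerrit repository name, although it is not project-scoped, so a short clause noting that it is the shared read privilege would avoid confusion about what each per-project role actually grants.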