From: Jessica Wagantall <jwagantall@linuxfoundation.org>
Date: Fri, 15 Jun 2018 21:25:14 +0000 (-0700)
Subject: Add Nexus 2 users and roles docs.
X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=f539ee8d21a4789c3f88438e6e654a3dc0703f41;p=releng%2Fdocs.git

Add Nexus 2 users and roles docs.

Add Nexus 2 documentation explaining users, roles
and privileges and how they are all related.
Include links to official documentation.

Change-Id: I24629d55b6dc6e961aa00a2bf401961cdc0ff2e4
Issue-ID: RELENG-969
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
---

diff --git a/docs/_static/nexus-privileges.png b/docs/_static/nexus-privileges.png
new file mode 100644
index 0000000..87084c9
Binary files /dev/null and b/docs/_static/nexus-privileges.png differ
diff --git a/docs/_static/nexus-roles.png b/docs/_static/nexus-roles.png
new file mode 100644
index 0000000..e90986a
Binary files /dev/null and b/docs/_static/nexus-roles.png differ
diff --git a/docs/_static/nexus-users.png b/docs/_static/nexus-users.png
new file mode 100644
index 0000000..193d1df
Binary files /dev/null and b/docs/_static/nexus-users.png differ
diff --git a/docs/nexus2.rst b/docs/nexus2.rst
index 0009542..5a824d3 100644
--- a/docs/nexus2.rst
+++ b/docs/nexus2.rst
@@ -99,6 +99,57 @@ In the Gerrit repository's pom.xml, include the ServerIds in the following manne
    More information on access configuration for each Gerrit repository in
    :ref:`Create Nexus2 repos with lftools <create-repos-lftools>`.
 
+.. _nexus-users-roles:
+
+Users, Roles and Privileges
+===========================
+
+Users, roles and privileges are key to manage and restrict access into Nexus
+repositories. Anonymous users have read permissions, while administration teams and CI accounts
+have write and delete permissions.
+
+Sonatype's documentation on creating users, roles and privileges found in:
+https://help.sonatype.com/repomanager2/configuration/managing-users/, and
+https://help.sonatype.com/repomanager2/configuration/managing-roles/.
+
+For LF projects, a user per Gerrit repository exists matching the repository name.
+
+.. image:: _static/nexus-users.png
+   :alt: Nexus users.
+   :align: center
+
+Similarly, roles and privileges match the name of the Gerrit repository. The following
+privileges exist:
+
+* Repo All Repositories (Read)
+* <project-name> (create)
+* <project-name> (delete)
+* <project-name> (read)
+* <project-name> (update)
+
+.. note::
+
+   Where "<project-name>" matches the Gerrit name of the repository.
+
+.. image:: _static/nexus-roles.png
+   :alt: Nexus roles.
+   :align: center
+
+Add roles required for Nexus users:
+
+:<project-name>: Which groups the privileges mentioned above.
+:LF Deployment Role: To deploy into the Snapshots and Releases repositories.
+:Staging: Deployer (autorelease) For projects using the Staging Profile to create autoreleases.
+
+.. image:: _static/nexus-privileges.png
+   :alt: Nexus privileges.
+   :align: center
+
+.. note::
+
+   More information on users, roles and privileges configuration using lftools along with the
+   repos in :ref:`Create Nexus2 repos with lftools <create-repos-lftools>`.
+
 .. _create-repos-lftools:
 
 Create Nexus2 repos with lftools