GCP IAM Auth Organization Viewer

[JohnDzialo]

Hi!

I was curious about the choice to only allow access through gcp iam auth with the organization viewer role.

In our organization this leads to some issues with out IT team. we don't necessarily want every user with nexus access to have access to view all of the projects in our organization.

Could this be linked to the project level instead? Is this in the works?

If not what is the reasoning behind choosing organization viewer as the permission to access nexus.

Thanks!

[pires]

Hello @JohnDzialo.

This permission is, or better, was needed in order for the proxy to validate that your email is indeed part of the org. At the time (one year+ ago) we couldn't find another way to do it and it works fine for our IT.
Having said that, there's no ongoing work to change that. So, it would be great if you or someone could contribute with a solution. We'd be very happy to test and review!