Archiva uses the Redback security framework for managing repository security. When the server is first started, you will be prompted to create an administration user. This user will be given permission to administer all aspects of the system (as well as access to all of the repositories). This user can then be used to grant permissions to other users.
A guest user is also created by default, and given read access to the default repositories (internal and snapshots). Repositories with guest user access can be accessed without the use of a username and password (or without being logged in to the web interface).
However, when new repositories are created, by default no permissions are assigned and only the administrators will have access until it is explicitly granted.
Note that Redback has the concept of inferred roles, so the assignment of some roles will imply other roles (which will be displayed in the web interface).
Archiva contains the following roles for repository access:
Archiva also contains the following general roles for security of the instance:
The guest and registered user roles do not affect repository access.