Users & Access
Overview
Manage your team’s access to Fly:
- Team Management - Add, remove, and manage team members
- Role Administration - Control permissions with Admin and Developer roles
- Token Management - Generate and revoke tokens for automation
Team Management
User Roles
JFrog Fly has two role types:
Admin Role
Full access to all JFrog Fly functionality:
| Permission | Admin |
|---|---|
| Push/Pull artifacts | ✅ |
| View artifacts and releases | ✅ |
| Manage workflows | ✅ |
| Invite users | ✅ |
| Update user roles | ✅ |
| Delete users | ✅ |
| Create/revoke all tokens | ✅ |
| Manage team settings | ✅ |
Developer Role
Standard development access:
| Permission | Developer |
|---|---|
| Push/Pull artifacts | ✅ |
| View artifacts and releases | ✅ |
| Manage workflows | ✅ |
| View user list | ✅ (read-only) |
| Create tokens | ✅ |
| Revoke own tokens | ✅ (only tokens they created) |
| Invite users | ❌ |
| Update roles | ❌ |
| Delete users | ❌ |
| Revoke others’ tokens | ❌ |
Viewing Team Members
Navigate to Team Management to see:
| Column | Description |
|---|---|
| Name | User’s full name |
| Email | User’s email address |
| Role | Admin or Developer |
| Status | Active or Pending |
| Last Login | Most recent login timestamp |
| Actions | Available actions (based on your role) |
User Status
Active
- User has completed sign-up
- Can access Fly Registry
- Appears as an option for @mentions and searches
Pending
- User has been invited but hasn’t signed up yet
- Invitation email sent
- Can resend invitation if needed
Inviting Users
Invite Flow (Admin Only)
- Click Invite User button
- Fill in user details:
  - Email Address (required)
  - Role - Choose Admin or Developer
- Click Send Invitation
- User receives email with a signup link
What the User Sees
The invited user receives an email containing:
- A welcome message
- An invitation from your team name
- A signup link
Managing Users
Updating User Roles (Admin Only)
Change a user’s role:
- Navigate to Team Management
- Click on the user you want to update
- Select Change Role
- Choose new role (Admin or Developer)
- Confirm the change
Note: The system ensures at least one Admin always exists.
Removing Users (Admin Only)
Delete a user from the team:
- Navigate to Team Management
- Click on the user to remove
- Select Delete User
- Confirm deletion
Token Management
What Are Tokens?
Tokens are credentials that allow:
- Manual package manager configuration (without Desktop App)
- Connecting runtime environments (e.g., Kubernetes) to Fly Registry
- External system integration
- CI/CD workflows (though OIDC is preferred)
- Programmatic API access
Token Types
Read & Write Token
Full access to artifacts:
- Upload (publish) artifacts
- Download (pull) artifacts
- View artifact metadata
- Create releases (if uploading from external CI)
Use cases:
- Manual local development
- External CI/CD systems
- Automated deployment scripts
Read-Only Token
Limited access:
- Download (pull) artifacts only
- View artifact metadata only
- Cannot upload or modify
Use cases:
- Kubernetes clusters pulling images
- Deployment environments
- External consumers of your packages
- Sharing with partners/customers
Creating Tokens
Token Creation Flow
- Click your user avatar (top-right) and select Token Management
- Click Create Token
- Configure token:
  - Name - Descriptive name (e.g., “k8s-production”)
  - Permission - Read & Write or Read-Only
  - Expiration - Date or “Never”
- Click Create
- Copy token immediately - Shown only once!
Token Configuration
- Name - Should be descriptive (e.g., “k8s-production”, “ci-pipeline”)
- Permission - Read-Only or Read & Write
- Expiration - Choose expiration time
Using Tokens
Token Value
After creation, the token value is shown once:
```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```
Critical: Copy and save immediately. If lost, you must create a new token and revoke the old one.
Manual Package Manager Configuration
Use tokens to manually configure package managers:
npm
Add to .npmrc:
```
registry=https://<your-fly-subdomain>.jfrog.io/artifactory/api/npm/npm/
//<your-fly-subdomain>.jfrog.io/artifactory/api/npm/npm/:_authToken=<your-fly-token>
```
pip
Add to pip.conf or use environment variable:
```
export PIP_INDEX_URL=https://<your-fly-username>:<your-fly-token>@<your-fly-subdomain>.jfrog.io/artifactory/api/pypi/pypi/simple
```
Docker
Login with token:
```
docker login <your-fly-subdomain>.jfrog.io/docker -u <your-fly-username> -p <your-fly-token>
```
See Package Managers for all package managers.
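Added example, not part of the Fly documentation: the same npm, pip and Docker setup with the token kept out of command lines, shell history and readable config files, plus a check for literal tokens in an `.npmrc`. The function names and the `FLY_TOKEN` variable are assumptions; `${VAR}` expansion in `.npmrc`, pip's `.netrc` lookup and `docker login --password-stdin` are standard features of those tools.

```shell
#!/bin/sh
# Added example (not Fly's own code). FLY_TOKEN is an assumed environment
# variable; host and user arguments stand in for the page's placeholders.

# .npmrc that names the token variable. npm expands ${FLY_TOKEN} when it
# reads the file, so the file itself never contains the secret.
write_npmrc() {  # usage: write_npmrc <dir> <host>
    (
        umask 077
        cat > "$1/.npmrc" <<EOF
registry=https://$2/artifactory/api/npm/npm/
//$2/artifactory/api/npm/npm/:_authToken=\${FLY_TOKEN}
EOF
        chmod 600 "$1/.npmrc"
    )
}

# netrc entry for pip, so the index URL carries no credentials:
#   PIP_INDEX_URL=https://<host>/artifactory/api/pypi/pypi/simple
# The token is on disk here, so the file is owner-only (0600).
# Overwrites <file>; merge by hand if it already has other entries.
write_netrc() {  # usage: write_netrc <file> <host> <user> <token>
    (
        umask 077
        printf 'machine %s\nlogin %s\npassword %s\n' "$2" "$3" "$4" > "$1"
        chmod 600 "$1"
    )
}

# Feed the token to docker on stdin instead of -p, which keeps it out of
# the process list and shell history.
docker_login() {  # usage: docker_login <host> <user>   (reads FLY_TOKEN)
    printf '%s' "$FLY_TOKEN" |
        docker login "$1/docker" -u "$2" --password-stdin
}

# Check: exit 0 if an .npmrc holds a literal token instead of a ${VAR}
# reference. Suitable as a pre-commit or CI guard.
has_inline_token() {  # usage: has_inline_token <npmrc-file>
    grep -E ':_authToken=' "$1" |
        grep -qvE ':_authToken=\$\{[A-Za-z_][A-Za-z0-9_]*\}$'
}
```
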
Managing Tokens
Viewing Tokens
Click your user avatar (top-right) and select Token Management to see:
| Column | Description |
|---|---|
| Name | Token name |
| Username | Token-specific username for authentication |
| Permission | Read & Write or Read-Only |
| Created By | User who created the token |
| Created | Creation timestamp |
| Expires | Expiration date |
| Status | Active, Expired, or Revoked |
Revoking Tokens
Immediately invalidate a token:
- Click your user avatar (top-right) and select Token Management
- Find the token to revoke
- Click Revoke
- Confirm revocation
Effects:
- Token immediately becomes invalid
- Any systems using the token lose access
- Token cannot be unrevoked
- Token is marked as “Revoked” in the list
Permissions:
- Admins can revoke any token
- Developers can only revoke their own tokens
Deleting Tokens
Remove token from the list:
- Click your user avatar (top-right) and select Token Management
- Find an Expired or Revoked token
- Click Delete
- Confirm deletion
Note: Only non-active (Expired or Revoked) tokens can be deleted.