Sonatype Nexus · Capability

Sonatype Nexus Repository Manager — Security management: users

Sonatype Nexus Repository Manager — Security management: users. 9 operations. Lead operation: Retrieve a list of users. For SAML user sources a limit of 1000 users will be applied.. Self-contained Naftiko capability covering one Sonatype Nexus business surface.

Run with Naftiko Sonatype NexusSecurity management: users

What You Can Do

GET
Getusers — Retrieve a list of users. For SAML user sources a limit of 1000 users will be applied.
/v1/v1/security/users
POST
Createuser — Create a new user in the default source.
/v1/v1/security/users
DELETE
Deleteuser — Delete a user.
/v1/v1/security/users/{userid}
PUT
Updateuser — Update an existing user.
/v1/v1/security/users/{userid}
PUT
Changepassword — Change a user's password.
/v1/v1/security/users/{userid}/change-password
DELETE
Delete4 — Delete the user token for the given user.
/v1/v1/security/users/{userid}/{realm}/user-token
GET
Get3 — Get user token metadata for the given user.
/v1/v1/security/users/{userid}/{realm}/user-token
POST
Create3 — Create a user token for the given user.
/v1/v1/security/users/{userid}/{realm}/user-token
DELETE
Reset — Reset the user token for the given user.
/v1/v1/security/users/{userid}/{realm}/user-token-reset

MCP Tools

retrieve-list-users-saml-user

Retrieve a list of users. For SAML user sources a limit of 1000 users will be applied.

read-only idempotent
create-new-user-default-source

Create a new user in the default source.

delete-user

Delete a user.

idempotent
update-existing-user

Update an existing user.

idempotent
change-user-s-password

Change a user's password.

idempotent
delete-user-token-given-user

Delete the user token for the given user.

idempotent
get-user-token-metadata-given

Get user token metadata for the given user.

read-only idempotent
create-user-token-given-user

Create a user token for the given user.

reset-user-token-given-user

Reset the user token for the given user.

idempotent

Capability Spec

repository-security-management-users.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: 'Sonatype Nexus Repository Manager — Security management: users'
  description: 'Sonatype Nexus Repository Manager — Security management: users. 9 operations. Lead operation: Retrieve a list
    of users. For SAML user sources a limit of 1000 users will be applied.. Self-contained Naftiko capability covering one
    Sonatype Nexus business surface.'
  tags:
  - Sonatype Nexus
  - 'Security management: users'
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    SONATYPE_NEXUS_API_KEY: SONATYPE_NEXUS_API_KEY
capability:
  consumes:
  - type: http
    namespace: repository-security-management-users
    baseUri: ''
    description: 'Sonatype Nexus Repository Manager — Security management: users business capability. Self-contained, no shared
      references.'
    resources:
    - name: v1-security-users
      path: /v1/security/users
      operations:
      - name: getusers
        method: GET
        description: Retrieve a list of users. For SAML user sources a limit of 1000 users will be applied.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: query
          type: string
          description: An optional term to search userids for.
        - name: source
          in: query
          type: string
          description: An optional user source to restrict the search to.
      - name: createuser
        method: POST
        description: Create a new user in the default source.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-security-users-userId
      path: /v1/security/users/{userId}
      operations:
      - name: deleteuser
        method: DELETE
        description: Delete a user.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The userid the request should apply to.
          required: true
        - name: realm
          in: query
          type: string
          description: The realm the request should apply to.
      - name: updateuser
        method: PUT
        description: Update an existing user.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The userid the request should apply to.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-security-users-userId-change-password
      path: /v1/security/users/{userId}/change-password
      operations:
      - name: changepassword
        method: PUT
        description: Change a user's password.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The userid the request should apply to.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-security-users-userId-realm-user-token
      path: /v1/security/users/{userId}/{realm}/user-token
      operations:
      - name: delete4
        method: DELETE
        description: Delete the user token for the given user.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The userId of the user to delete the token for
          required: true
        - name: realm
          in: path
          type: string
          description: The realm of the user to delete the token for
          required: true
      - name: get3
        method: GET
        description: Get user token metadata for the given user.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The userId of the user to get the token for
          required: true
        - name: realm
          in: path
          type: string
          description: The realm of the user to get the token for
          required: true
      - name: create3
        method: POST
        description: Create a user token for the given user.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The userId of the user to create the token for
          required: true
        - name: realm
          in: path
          type: string
          description: The realm of the user to create the token for
          required: true
    - name: v1-security-users-userId-realm-user-token-reset
      path: /v1/security/users/{userId}/{realm}/user-token-reset
      operations:
      - name: reset
        method: DELETE
        description: Reset the user token for the given user.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: userId
          in: path
          type: string
          description: The userId of the user to reset the token for
          required: true
        - name: realm
          in: path
          type: string
          description: The realm of the user to reset the token for
          required: true
    authentication:
      type: basic
      username: '{{env.SONATYPE_NEXUS_USER}}'
      password: '{{env.SONATYPE_NEXUS_PASS}}'
  exposes:
  - type: rest
    namespace: repository-security-management-users-rest
    port: 8080
    description: 'REST adapter for Sonatype Nexus Repository Manager — Security management: users. One Spectral-compliant
      resource per consumed operation, prefixed with /v1.'
    resources:
    - path: /v1/v1/security/users
      name: v1-security-users
      description: REST surface for v1-security-users.
      operations:
      - method: GET
        name: getusers
        description: Retrieve a list of users. For SAML user sources a limit of 1000 users will be applied.
        call: repository-security-management-users.getusers
        with:
          userId: rest.userId
          source: rest.source
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createuser
        description: Create a new user in the default source.
        call: repository-security-management-users.createuser
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/security/users/{userid}
      name: v1-security-users-userid
      description: REST surface for v1-security-users-userId.
      operations:
      - method: DELETE
        name: deleteuser
        description: Delete a user.
        call: repository-security-management-users.deleteuser
        with:
          userId: rest.userId
          realm: rest.realm
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updateuser
        description: Update an existing user.
        call: repository-security-management-users.updateuser
        with:
          userId: rest.userId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/security/users/{userid}/change-password
      name: v1-security-users-userid-change-password
      description: REST surface for v1-security-users-userId-change-password.
      operations:
      - method: PUT
        name: changepassword
        description: Change a user's password.
        call: repository-security-management-users.changepassword
        with:
          userId: rest.userId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/security/users/{userid}/{realm}/user-token
      name: v1-security-users-userid-realm-user-token
      description: REST surface for v1-security-users-userId-realm-user-token.
      operations:
      - method: DELETE
        name: delete4
        description: Delete the user token for the given user.
        call: repository-security-management-users.delete4
        with:
          userId: rest.userId
          realm: rest.realm
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: get3
        description: Get user token metadata for the given user.
        call: repository-security-management-users.get3
        with:
          userId: rest.userId
          realm: rest.realm
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: create3
        description: Create a user token for the given user.
        call: repository-security-management-users.create3
        with:
          userId: rest.userId
          realm: rest.realm
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/security/users/{userid}/{realm}/user-token-reset
      name: v1-security-users-userid-realm-user-token-reset
      description: REST surface for v1-security-users-userId-realm-user-token-reset.
      operations:
      - method: DELETE
        name: reset
        description: Reset the user token for the given user.
        call: repository-security-management-users.reset
        with:
          userId: rest.userId
          realm: rest.realm
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: repository-security-management-users-mcp
    port: 9090
    transport: http
    description: 'MCP adapter for Sonatype Nexus Repository Manager — Security management: users. One tool per consumed operation,
      routed inline through this capability''s consumes block.'
    tools:
    - name: retrieve-list-users-saml-user
      description: Retrieve a list of users. For SAML user sources a limit of 1000 users will be applied.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: repository-security-management-users.getusers
      with:
        userId: tools.userId
        source: tools.source
      outputParameters:
      - type: object
        mapping: $.
    - name: create-new-user-default-source
      description: Create a new user in the default source.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: repository-security-management-users.createuser
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-user
      description: Delete a user.
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: repository-security-management-users.deleteuser
      with:
        userId: tools.userId
        realm: tools.realm
      outputParameters:
      - type: object
        mapping: $.
    - name: update-existing-user
      description: Update an existing user.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: repository-security-management-users.updateuser
      with:
        userId: tools.userId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: change-user-s-password
      description: Change a user's password.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: repository-security-management-users.changepassword
      with:
        userId: tools.userId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-user-token-given-user
      description: Delete the user token for the given user.
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: repository-security-management-users.delete4
      with:
        userId: tools.userId
        realm: tools.realm
      outputParameters:
      - type: object
        mapping: $.
    - name: get-user-token-metadata-given
      description: Get user token metadata for the given user.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: repository-security-management-users.get3
      with:
        userId: tools.userId
        realm: tools.realm
      outputParameters:
      - type: object
        mapping: $.
    - name: create-user-token-given-user
      description: Create a user token for the given user.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: repository-security-management-users.create3
      with:
        userId: tools.userId
        realm: tools.realm
      outputParameters:
      - type: object
        mapping: $.
    - name: reset-user-token-given-user
      description: Reset the user token for the given user.
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: repository-security-management-users.reset
      with:
        userId: tools.userId
        realm: tools.realm
      outputParameters:
      - type: object
        mapping: $.