You can implement access-control using FishEye's user list. FishEye can maintain a set of users, or you can have FishEye look in an external authentication source for users, passwords and permissions.

Anonymous access to FishEye is allowed by default. You can disable anonymous access at a global and per-repository level. To change go to Admin -> Global Settings -> Users/Security.

When Public Signup is enabled (Admin -> Global Settings -> Users/Security) new users can add themselves to the system. This is turned off by default.

Although FishEye always maintains a list of users internally, you can have FishEye authenticate and authorize users against an external authentication source.

FishEye currently supports:

• LDAP authentication.
• Host-based authentication. This is implemented using PAM on Linux/Solaris/OS-X, and Local/Domain Accounts on Windows.
• AJPv13 authentication.
• Custom authentication.

To set one of the above authentications, go to Admin -> Global Settings -> Users/Security. Only one authentication can be set at one time. However each repository can have the option as to whether to use the authentication or not.

To change authentications you will need to remove the settings that are already configured. Just click on the "Remove" link. You will then be presented with the option to add a different authentication.