From 520d41c385ae46dd70cddf3c53fd3edfa5201d38 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Tue, 16 Sep 2025 10:11:51 -0400 Subject: [PATCH 1/7] add custom roles docs --- content/manuals/docker-hub/release-notes.md | 2 +- .../security/roles-and-permissions/_index.md | 73 ++++++++ .../roles-and-permissions/custom-roles.md | 176 ++++++++++++++++++ .../roles-and-permissions.md | 4 +- hugo_stats.json | 3 + 5 files changed, 255 insertions(+), 3 deletions(-) create mode 100644 content/manuals/enterprise/security/roles-and-permissions/_index.md create mode 100644 content/manuals/enterprise/security/roles-and-permissions/custom-roles.md rename content/manuals/enterprise/security/{ => roles-and-permissions}/roles-and-permissions.md (99%) diff --git a/content/manuals/docker-hub/release-notes.md b/content/manuals/docker-hub/release-notes.md index d93b4ad0e06f..898c43ddb4fa 100644 --- a/content/manuals/docker-hub/release-notes.md +++ b/content/manuals/docker-hub/release-notes.md @@ -53,7 +53,7 @@ known issues for each Docker Hub release. ### New -- Organizations can assign the [editor role](roles-and-permissions.md) to members to grant additional permissions without full administrative access. +- Organizations can assign the [editor role](/manuals/enterprise/security/roles-and-permissions/roles-and-permissions.md) to members to grant additional permissions without full administrative access. ## 2023-05-09 diff --git a/content/manuals/enterprise/security/roles-and-permissions/_index.md b/content/manuals/enterprise/security/roles-and-permissions/_index.md new file mode 100644 index 000000000000..04e168f6ca63 --- /dev/null +++ b/content/manuals/enterprise/security/roles-and-permissions/_index.md @@ -0,0 +1,73 @@ +--- +title: Roles and permissions +linkTitle: Roles and permissions +description: Control access to content, registry, and organization management with Docker's role system +keywords: roles, permissions, custom roles, core roles, access control, organization management, docker hub, admin console, security +tags: [admin] +aliases: + - /admin/organization/roles/ + - /security/for-admins/roles-and-permissions/ +grid: + - title: "Core roles" + description: Learn about Docker's built-in Member, Editor, and Owner roles with predefined permissions. + icon: "admin_panel_settings" + link: /admin/organization/core-roles/ + - title: "Custom roles" + description: Create tailored permission sets that match your organization's specific needs. + icon: "tune" + link: /admin/organization/custom-roles/ +weight: 40 +--- + +{{< summary-bar feature_name="General admin" >}} + +Roles control what users can do in your Docker organization. When you invite users or create teams, you assign them roles that determine their permissions for repositories, teams, and organization settings. + +Docker provides two types of roles to meet different organizational needs: + +- Core roles with predefined permissions +- Custom roles that you can tailor to your specific requirements + +## Core roles versus custom roles + +### Core roles + +Core roles are Docker's built-in roles with predefined permission sets: + +- Member: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to. +- Editor: Partial administrative access. Editors can create, edit, and delete repositories, and manage team permissions for repositories. +- Owner: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features. + +### Custom roles + +Custom roles allow you to create tailored permission sets by selecting specific permissions from categories like user management, team management, billing, and Hub permissions. Use custom roles when Docker's core roles don't fit your needs. + +## When to use each type + +Use core roles when: + +- Docker's predefined permission sets match your organizational structure +- You want simple, straightforward role assignments +- You're getting started with Docker organization management +- Your access control needs are standard and don't require fine-grained permissions + +Use custom roles when: +- You need specific permission combinations not available in core roles +- You want to create specialized roles like billing administrators, security auditors, or repository managers +- You need department-specific access control +- You want to implement the principle of least privilege with precise permission grants + +## How roles work together + +Users and teams can be assigned either a core role or a custom role, but not both. However, roles work in combination with team permissions: + +1. Role permissions: Applied organization-wide (core or custom role) +2. Team permissions: Additional permissions for specific repositories when users are added to teams + +This layered approach gives you flexibility to provide broad organizational access through roles and specific repository access through team memberships. + +## Next steps + +Choose the role type that best fits your organization's needs: + +{{< grid >}} \ No newline at end of file diff --git a/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md new file mode 100644 index 000000000000..66ee062330c3 --- /dev/null +++ b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md @@ -0,0 +1,176 @@ +--- +title: Custom roles +description: +keywords: +--- + +Custom roles allow you to create tailored permission sets that match your +organization's specific needs. This page covers custom roles, and steps +to create and manage them. + +## What are custom roles? + +Custom roles let you create tailored permission sets for your organization. You +can assign custom roles to individual users or teams, and they work alongside +Docker's default roles (Owner, Editor, Member). Users get either a default role +or custom role, but not both. + +Use custom roles when Docker's default roles don't fit your needs, such as for +billing administrators, security auditors, repository managers, or +department-specific access control. + +## Prerequisites + +To configure custom roles, you need owner permissions in your Docker +organization. + +## Create a custom role + +Before you can assign a custom role to users, you must create one in the +Admin Console: + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Admin Console**, then **User management**. +1. Select **Roles**, then **Create role**. +1. Create a name and describe what the role is for: + - Provide a **Display name** + - Enter a unique **Name** identifier (can't be changed later) + - Add an optional **Description** +1. Set permissions for the role by expanding permission categories and selecting +the checkboxes for permissions. For a full list of available permissions, see +the [custom roles permissions reference](#custom-roles-permissions-reference). +1. Select **Review** to review your custom roles configruation and see a summary +of selected permissions. +1. Select **Create**. + +With a custom role created, you can now [assign custom roles to users](#assign-custom-roles-to-users). + +## Edit a custom role + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Admin Console**, then **User management**. +1. Select **Roles**. +1. Find your custom role from the list, and select the **Actions menu**. +1. Select **Edit**. +1. You can edit the following custom role settings: + - Display name + - Description + - Permissions +1. After you have finished editing, select **Save**. + +## Assign custom roles + +{{< tabs >}} +{{< tab name="Individual users" >}} + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Members**. +1. Locate the member you want to assign a custom role to, then select the +**Actions menu**. +1. In the drop-down, select **Change role**. +1. In the **Select a role** drop-down, select your custom role. +1. Select **Save**. + +{{< /tab >}} +{{< tab name="Bulk users" >}} + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Members**. +1. Use the checkboxes in the username column to select all users you want +to assign a custom role to. +1. Select **Change role**. +1. In the **Select a role** drop-down, select your custom role. +1. Select **Save**. + +{{< /tab >}} +{{< tab name="Teams" >}} + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Teams**. +1. Locate the team you want to assign a custom role to, then select +the **Actions menu**. +1. Select **Assign role**. +1. Select your custom role, then select **Assign**. + +The role column will update to the newly assigned role. + +{{< /tab >}} +{{< /tabs >}} + +## View role assignments + +To see which users and teams are assigned to roles: + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Admin Console**, then **User management**. +1. Select **Roles**. +1. In the roles list, view the **Users** and **Teams** columns to see +assignment counts. +1. Select a specific role to view its permissions adn assignments in detail. + +## Reassign custom roles + +{{< tabs >}} +{{< tab name="Individual users" >}} + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Admin Console**, then **User management**. +1. Select **Roles**. +1. Find your custom role from the list, and select the **Actions menu**. +1. Select **Reassign**. +1. On the reassignment page, **Select a role** to reassign, then select **Save**. + +{{< /tab >}} +{{< tab name="Bulk users" >}} + + +{{< /tab >}} +{{< /tabs >}} + +## Duplicate a custom role + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Admin Console**, then **User management**. +1. Select **Roles**. +1. Find your custom role from the list, and select the **Actions menu**. +1. Select **Duplicate**. +1. Modify the duplicated role's name, description, and permissions as needed. +1. Select **Create** to save the new role. + +## Delete a custom role + +If you have users or teams assigned to a role, you must reassign them to new roles before deleting. + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Admin Console**, then **User management**. +1. Select **Roles**. +1. Find your custom role from the list, and select the **Actions menu**. +1. If the role has assigned users or teams, select **Reassign** first to move +them to different roles. +1. Once no users or teams are assigned, select the **Actions menu** again. +1. Select **Delete**. +1. In the confirmation window, select **Delete** to confirm. + +## Custom roles permissions reference + +Custom roles can included any combination of the following permissions. + +### User and role management permissions + +- **Invite members**: Send organization invitations +- **Manage members**: Remove users from the organizatino +- **Manage member roles**: Assign roles to users +- **Create custom roles**: Create, edit, and delete custom roles +- **View member activity**: View activity logs in the organization +- **Export and reporting**: Export users and activity logs + +### Team management permissions + +- **Create teams**: +- **Manage teams**: + +### Organization configuration permissions + +### Billing permissions + +### Hub permissions \ No newline at end of file diff --git a/content/manuals/enterprise/security/roles-and-permissions.md b/content/manuals/enterprise/security/roles-and-permissions/roles-and-permissions.md similarity index 99% rename from content/manuals/enterprise/security/roles-and-permissions.md rename to content/manuals/enterprise/security/roles-and-permissions/roles-and-permissions.md index 82227b4550a0..2c6dbddd83b6 100644 --- a/content/manuals/enterprise/security/roles-and-permissions.md +++ b/content/manuals/enterprise/security/roles-and-permissions/roles-and-permissions.md @@ -1,11 +1,11 @@ --- -title: Roles and permissions +title: Core roles description: Control access to content, registry, and organization management with roles in your organization. keywords: members, teams, organization, company, roles, access, docker hub, admin console, security, permissions aliases: - /docker-hub/roles-and-permissions/ - /security/for-admins/roles-and-permissions/ -weight: 40 +- /enterprise/security/roles-and-permissions/ --- {{< summary-bar feature_name="General admin" >}} diff --git a/hugo_stats.json b/hugo_stats.json index e0b7375b82ea..23fc99e1a492 100644 --- a/hugo_stats.json +++ b/hugo_stats.json @@ -26,6 +26,7 @@ "Bake", "Bash", "Before", + "Bulk-users", "CLI", "CentOS-RHEL-and-Fedora", "Circle-CI", @@ -75,6 +76,7 @@ "HTTP", "Heredocs", "Hyper-V-backend-x86_64", + "Individual-users", "Inline", "Installation-time-setup", "Instant-verification", @@ -129,6 +131,7 @@ "Shell-script-deployment", "Specific-version", "Svelte", + "Teams", "Testcontainers-Cloud", "TypeScript", "Ubuntu", From 008f71fdf0ef9fcdfe09751f0dffca7efa2b5bb5 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Tue, 14 Oct 2025 09:42:21 -0400 Subject: [PATCH 2/7] update Teams --- .../security/roles-and-permissions/_index.md | 12 +++++------ ...roles-and-permissions.md => core-roles.md} | 9 ++++---- .../roles-and-permissions/custom-roles.md | 21 +++++++++++++------ 3 files changed, 25 insertions(+), 17 deletions(-) rename content/manuals/enterprise/security/roles-and-permissions/{roles-and-permissions.md => core-roles.md} (95%) diff --git a/content/manuals/enterprise/security/roles-and-permissions/_index.md b/content/manuals/enterprise/security/roles-and-permissions/_index.md index 04e168f6ca63..e483c6b3c788 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/_index.md +++ b/content/manuals/enterprise/security/roles-and-permissions/_index.md @@ -11,11 +11,11 @@ grid: - title: "Core roles" description: Learn about Docker's built-in Member, Editor, and Owner roles with predefined permissions. icon: "admin_panel_settings" - link: /admin/organization/core-roles/ + link: /enterprise/security/roles-and-permissions/core-roles/ - title: "Custom roles" description: Create tailored permission sets that match your organization's specific needs. icon: "tune" - link: /admin/organization/custom-roles/ + link: /enterprise/security/roles-and-permissions/custom-roles/ weight: 40 --- @@ -25,10 +25,10 @@ Roles control what users can do in your Docker organization. When you invite use Docker provides two types of roles to meet different organizational needs: -- Core roles with predefined permissions -- Custom roles that you can tailor to your specific requirements +- [Core roles](/manuals/enterprise/security/roles-and-permissions/core-roles.md) with predefined permissions +- [Custom roles](/manuals/enterprise/security/roles-and-permissions/custom-roles.md) that you can tailor to your specific requirements -## Core roles versus custom roles +## Docker roles ### Core roles @@ -42,7 +42,7 @@ Core roles are Docker's built-in roles with predefined permission sets: Custom roles allow you to create tailored permission sets by selecting specific permissions from categories like user management, team management, billing, and Hub permissions. Use custom roles when Docker's core roles don't fit your needs. -## When to use each type +## When to use each role Use core roles when: diff --git a/content/manuals/enterprise/security/roles-and-permissions/roles-and-permissions.md b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md similarity index 95% rename from content/manuals/enterprise/security/roles-and-permissions/roles-and-permissions.md rename to content/manuals/enterprise/security/roles-and-permissions/core-roles.md index 2c6dbddd83b6..ba7c72259e77 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/roles-and-permissions.md +++ b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md @@ -10,13 +10,12 @@ aliases: {{< summary-bar feature_name="General admin" >}} -Roles control what users can do in your organization. When you invite users, you assign them a role that determines their permissions for repositories, teams, and organization settings. +Core roles are Docker's built-in roles with predefined permission sets. +This page provides an overview of Docker's core and permissions for each role. -This page provides an overview of Docker roles and permissions for each role. +## What are core roles? -## Organization roles - -Docker organizations have three main roles: +Docker organizations have three core roles: - Member: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to. - Editor: Partial administrative access. Editors can create, edit, and delete repositories. They can also manage team permissions for repositories. diff --git a/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md index 66ee062330c3..f41053858f62 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md +++ b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md @@ -4,6 +4,8 @@ description: keywords: --- +{{< summary-bar feature_name="General admin" >}} + Custom roles allow you to create tailored permission sets that match your organization's specific needs. This page covers custom roles, and steps to create and manage them. @@ -11,13 +13,10 @@ to create and manage them. ## What are custom roles? Custom roles let you create tailored permission sets for your organization. You -can assign custom roles to individual users or teams, and they work alongside -Docker's default roles (Owner, Editor, Member). Users get either a default role -or custom role, but not both. +can assign custom roles to individual users or teams. +Users get either a core role or custom role, but not both. -Use custom roles when Docker's default roles don't fit your needs, such as for -billing administrators, security auditors, repository managers, or -department-specific access control. +Use custom roles when Docker's default roles don't fit your needs. ## Prerequisites @@ -124,6 +123,16 @@ assignment counts. {{< tab name="Bulk users" >}} +{{< /tab >}} +{{< tab name="Teams" >}} + +1. Sign in to [Docker Home](https://app.docker.com). +1. Select **Teams**. +1. Locate the team, then select the **Actions menu**. +1. Select **Change role**. +1. In the pop-up window, select a role from the drop-down menu, then +select **Save**. + {{< /tab >}} {{< /tabs >}} From d8c8d1035dd3168a3e4d06fc805ea3d79cfbd2b6 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Thu, 23 Oct 2025 13:37:44 -0400 Subject: [PATCH 3/7] fix build issues --- content/manuals/docker-hub/release-notes.md | 4 ++-- .../enterprise/security/roles-and-permissions/custom-roles.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/manuals/docker-hub/release-notes.md b/content/manuals/docker-hub/release-notes.md index 898c43ddb4fa..1e2f34f24560 100644 --- a/content/manuals/docker-hub/release-notes.md +++ b/content/manuals/docker-hub/release-notes.md @@ -47,13 +47,13 @@ known issues for each Docker Hub release. ## 2023-08-28 -- Organizations with SSO enabled can assign members to roles, organizations, and teams with [SCIM role mapping](scim.md#set-up-role-mapping). +- Organizations with SSO enabled can assign members to roles, organizations, and teams with [SCIM role mapping](scim.md#set-up-role-mapping). ## 2023-07-26 ### New -- Organizations can assign the [editor role](/manuals/enterprise/security/roles-and-permissions/roles-and-permissions.md) to members to grant additional permissions without full administrative access. +- Organizations can assign the [editor role](/manuals/enterprise/security/roles-and-permissions/_index.md) to members to grant additional permissions without full administrative access. ## 2023-05-09 diff --git a/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md index f41053858f62..ecd1fdac1781 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md +++ b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md @@ -42,7 +42,7 @@ the [custom roles permissions reference](#custom-roles-permissions-reference). of selected permissions. 1. Select **Create**. -With a custom role created, you can now [assign custom roles to users](#assign-custom-roles-to-users). +With a custom role created, you can now [assign custom roles to users](#assign-custom-roles). ## Edit a custom role From 286458f954dc64169929f909fc436629112a9cf1 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Mon, 3 Nov 2025 12:22:39 -0500 Subject: [PATCH 4/7] add WIP note --- .../roles-and-permissions/custom-roles.md | 55 ++++++------------- 1 file changed, 16 insertions(+), 39 deletions(-) diff --git a/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md index ecd1fdac1781..a3291e1fea76 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md +++ b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md @@ -32,14 +32,14 @@ Admin Console: 1. Select **Admin Console**, then **User management**. 1. Select **Roles**, then **Create role**. 1. Create a name and describe what the role is for: - - Provide a **Display name** - - Enter a unique **Name** identifier (can't be changed later) - - Add an optional **Description** + - Provide a **Display name** + - Enter a unique **Name** identifier (can't be changed later) + - Add an optional **Description** 1. Set permissions for the role by expanding permission categories and selecting -the checkboxes for permissions. For a full list of available permissions, see -the [custom roles permissions reference](#custom-roles-permissions-reference). + the checkboxes for permissions. For a full list of available permissions, see + the [custom roles permissions reference](#custom-roles-permissions-reference). 1. Select **Review** to review your custom roles configruation and see a summary -of selected permissions. + of selected permissions. 1. Select **Create**. With a custom role created, you can now [assign custom roles to users](#assign-custom-roles). @@ -52,9 +52,9 @@ With a custom role created, you can now [assign custom roles to users](#assign-c 1. Find your custom role from the list, and select the **Actions menu**. 1. Select **Edit**. 1. You can edit the following custom role settings: - - Display name - - Description - - Permissions + - Display name + - Description + - Permissions 1. After you have finished editing, select **Save**. ## Assign custom roles @@ -65,7 +65,7 @@ With a custom role created, you can now [assign custom roles to users](#assign-c 1. Sign in to [Docker Home](https://app.docker.com). 1. Select **Members**. 1. Locate the member you want to assign a custom role to, then select the -**Actions menu**. + **Actions menu**. 1. In the drop-down, select **Change role**. 1. In the **Select a role** drop-down, select your custom role. 1. Select **Save**. @@ -76,7 +76,7 @@ With a custom role created, you can now [assign custom roles to users](#assign-c 1. Sign in to [Docker Home](https://app.docker.com). 1. Select **Members**. 1. Use the checkboxes in the username column to select all users you want -to assign a custom role to. + to assign a custom role to. 1. Select **Change role**. 1. In the **Select a role** drop-down, select your custom role. 1. Select **Save**. @@ -87,7 +87,7 @@ to assign a custom role to. 1. Sign in to [Docker Home](https://app.docker.com). 1. Select **Teams**. 1. Locate the team you want to assign a custom role to, then select -the **Actions menu**. + the **Actions menu**. 1. Select **Assign role**. 1. Select your custom role, then select **Assign**. @@ -104,7 +104,7 @@ To see which users and teams are assigned to roles: 1. Select **Admin Console**, then **User management**. 1. Select **Roles**. 1. In the roles list, view the **Users** and **Teams** columns to see -assignment counts. + assignment counts. 1. Select a specific role to view its permissions adn assignments in detail. ## Reassign custom roles @@ -122,7 +122,6 @@ assignment counts. {{< /tab >}} {{< tab name="Bulk users" >}} - {{< /tab >}} {{< tab name="Teams" >}} @@ -131,7 +130,7 @@ assignment counts. 1. Locate the team, then select the **Actions menu**. 1. Select **Change role**. 1. In the pop-up window, select a role from the drop-down menu, then -select **Save**. + select **Save**. {{< /tab >}} {{< /tabs >}} @@ -155,31 +154,9 @@ If you have users or teams assigned to a role, you must reassign them to new rol 1. Select **Roles**. 1. Find your custom role from the list, and select the **Actions menu**. 1. If the role has assigned users or teams, select **Reassign** first to move -them to different roles. + them to different roles. 1. Once no users or teams are assigned, select the **Actions menu** again. 1. Select **Delete**. 1. In the confirmation window, select **Delete** to confirm. -## Custom roles permissions reference - -Custom roles can included any combination of the following permissions. - -### User and role management permissions - -- **Invite members**: Send organization invitations -- **Manage members**: Remove users from the organizatino -- **Manage member roles**: Assign roles to users -- **Create custom roles**: Create, edit, and delete custom roles -- **View member activity**: View activity logs in the organization -- **Export and reporting**: Export users and activity logs - -### Team management permissions - -- **Create teams**: -- **Manage teams**: - -### Organization configuration permissions - -### Billing permissions - -### Hub permissions \ No newline at end of file +## Custom roles permissions reference (WIP) From e4b17676d363142b3ef3ea9a929976a0c11edda3 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Mon, 3 Nov 2025 14:53:36 -0500 Subject: [PATCH 5/7] feedback --- .../security/roles-and-permissions/_index.md | 17 +- .../roles-and-permissions/core-roles.md | 102 ++++++----- .../roles-and-permissions/custom-roles.md | 170 +++++++++++------- 3 files changed, 171 insertions(+), 118 deletions(-) diff --git a/content/manuals/enterprise/security/roles-and-permissions/_index.md b/content/manuals/enterprise/security/roles-and-permissions/_index.md index e483c6b3c788..9549ad764eb0 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/_index.md +++ b/content/manuals/enterprise/security/roles-and-permissions/_index.md @@ -5,8 +5,8 @@ description: Control access to content, registry, and organization management wi keywords: roles, permissions, custom roles, core roles, access control, organization management, docker hub, admin console, security tags: [admin] aliases: - - /admin/organization/roles/ - - /security/for-admins/roles-and-permissions/ + - /admin/organization/roles/ + - /security/for-admins/roles-and-permissions/ grid: - title: "Core roles" description: Learn about Docker's built-in Member, Editor, and Owner roles with predefined permissions. @@ -34,9 +34,9 @@ Docker provides two types of roles to meet different organizational needs: Core roles are Docker's built-in roles with predefined permission sets: -- Member: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to. -- Editor: Partial administrative access. Editors can create, edit, and delete repositories, and manage team permissions for repositories. -- Owner: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features. +- **Member**: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to. +- **Editor**: Partial administrative access. Editors can create, edit, and delete repositories, and manage team permissions for repositories. +- **Owner**: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features. ### Custom roles @@ -52,6 +52,7 @@ Use core roles when: - Your access control needs are standard and don't require fine-grained permissions Use custom roles when: + - You need specific permission combinations not available in core roles - You want to create specialized roles like billing administrators, security auditors, or repository managers - You need department-specific access control @@ -61,8 +62,8 @@ Use custom roles when: Users and teams can be assigned either a core role or a custom role, but not both. However, roles work in combination with team permissions: -1. Role permissions: Applied organization-wide (core or custom role) -2. Team permissions: Additional permissions for specific repositories when users are added to teams +1. **Role permissions**: Applied organization-wide (core or custom role). Custom roles can grant permissions to both organization-wide settings and repository access. +2. **Team permissions**: Additional repository-specific permissions when users are added to teams. This is a separate permission system from role-based permissions. This layered approach gives you flexibility to provide broad organizational access through roles and specific repository access through team memberships. @@ -70,4 +71,4 @@ This layered approach gives you flexibility to provide broad organizational acce Choose the role type that best fits your organization's needs: -{{< grid >}} \ No newline at end of file +{{< grid >}} diff --git a/content/manuals/enterprise/security/roles-and-permissions/core-roles.md b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md index ba7c72259e77..7704c77e103f 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/core-roles.md +++ b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md @@ -3,35 +3,34 @@ title: Core roles description: Control access to content, registry, and organization management with roles in your organization. keywords: members, teams, organization, company, roles, access, docker hub, admin console, security, permissions aliases: -- /docker-hub/roles-and-permissions/ -- /security/for-admins/roles-and-permissions/ -- /enterprise/security/roles-and-permissions/ + - /docker-hub/roles-and-permissions/ + - /security/for-admins/roles-and-permissions/ + - /enterprise/security/roles-and-permissions/ --- {{< summary-bar feature_name="General admin" >}} Core roles are Docker's built-in roles with predefined permission sets. -This page provides an overview of Docker's core and permissions for each role. +This page provides an overview of Docker's core roles and permissions for each role. ## What are core roles? Docker organizations have three core roles: -- Member: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to. -- Editor: Partial administrative access. Editors can create, edit, and delete repositories. They can also manage team permissions for repositories. -- Owner: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features. - -## Permissions by role +- **Member**: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to. +- **Editor**: Partial administrative access. Editors can create, edit, and delete repositories. They can also manage team permissions for repositories. +- **Owner**: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features. > [!NOTE] > -> An owner role assigned at the company level has the same access as an owner role assigned at the organization level. For more information, see [Company overview](/admin/company/). +> A company owner has the same organization management permissions as an organization owner, but there are some content and registry permissions that company owners don't have (for example, repository pull/push). For more information, see [Company overview](/admin/company/). ### Content and registry permissions These permissions apply organization-wide, including all repositories in your organization's namespace. | Permission | Member | Editor | Owner | +<<<<<<< HEAD | :---------------------------------------------------- | :----- | :----- | :----------------- | | Explore images and extensions | ✅ | ✅ | ✅ | | Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | @@ -48,6 +47,23 @@ These permissions apply organization-wide, including all repositories in your or | Edit build settings | ❌ | ❌ | ✅ | | View teams | ✅ | ✅ | ✅ | | Assign team permissions to repositories | ❌ | ✅ | ✅ | +======= +| :---------------------------------------------------- | :----- | :----- | :---- | +| Explore images and extensions | ✅ | ✅ | ✅ | +| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | +| Pull images | ✅ | ✅ | ✅ | +| Create and publish an extension | ✅ | ✅ | ✅ | +| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ | +| Observe content engagement as a publisher | ❌ | ❌ | ✅ | +| Create public and private repositories | ❌ | ✅ | ✅ | +| Edit and delete repositories | ❌ | ✅ | ✅ | +| Manage tags | ❌ | ✅ | ✅ | +| View repository activity | ❌ | ❌ | ✅ | +| Set up Automated builds | ❌ | ❌ | ✅ | +| Edit build settings | ❌ | ❌ | ✅ | +| View teams | ✅ | ✅ | ✅ | +| Assign team permissions to repositories | ❌ | ✅ | ✅ | +>>>>>>> 521a0d373d (feedback) When you add members to teams, you can grant additional repository permissions beyond their organization role: @@ -58,45 +74,45 @@ beyond their organization role: ### Organization management permissions | Permission | Member | Editor | Owner | -| :---------------------------------------------------------------- | :----- | :----- | :----------------- | -| Create teams | ❌ | ❌ | ✅ | -| Manage teams (including delete) | ❌ | ❌ | ✅ | -| Configure the organization's settings (including linked services) | ❌ | ❌ | ✅ | -| Add organizations to a company | ❌ | ❌ | ✅ | -| Invite members | ❌ | ❌ | ✅ | -| Manage members | ❌ | ❌ | ✅ | -| Manage member roles and permissions | ❌ | ❌ | ✅ | -| View member activity | ❌ | ❌ | ✅ | -| Export and reporting | ❌ | ❌ | ✅ | -| Image Access Management | ❌ | ❌ | ✅ | -| Registry Access Management | ❌ | ❌ | ✅ | -| Set up Single Sign-On (SSO) and SCIM | ❌ | ❌ | ✅ \* | -| Require Docker Desktop sign-in | ❌ | ❌ | ✅ \* | -| Manage billing information (for example, billing address) | ❌ | ❌ | ✅ | -| Manage payment methods (for example, credit card or invoice) | ❌ | ❌ | ✅ | -| View billing history | ❌ | ❌ | ✅ | -| Manage subscriptions | ❌ | ❌ | ✅ | -| Manage seats | ❌ | ❌ | ✅ | -| Upgrade and downgrade plans | ❌ | ❌ | ✅ | +| :---------------------------------------------------------------- | :----- | :----- | :---- | +| Create teams | ❌ | ❌ | ✅ | +| Manage teams (including delete) | ❌ | ❌ | ✅ | +| Configure the organization's settings (including linked services) | ❌ | ❌ | ✅ | +| Add organizations to a company | ❌ | ❌ | ✅ | +| Invite members | ❌ | ❌ | ✅ | +| Manage members | ❌ | ❌ | ✅ | +| Manage member roles and permissions | ❌ | ❌ | ✅ | +| View member activity | ❌ | ❌ | ✅ | +| Export and reporting | ❌ | ❌ | ✅ | +| Image Access Management | ❌ | ❌ | ✅ | +| Registry Access Management | ❌ | ❌ | ✅ | +| Set up Single Sign-On (SSO) and SCIM | ❌ | ❌ | ✅ \* | +| Require Docker Desktop sign-in | ❌ | ❌ | ✅ \* | +| Manage billing information (for example, billing address) | ❌ | ❌ | ✅ | +| Manage payment methods (for example, credit card or invoice) | ❌ | ❌ | ✅ | +| View billing history | ❌ | ❌ | ✅ | +| Manage subscriptions | ❌ | ❌ | ✅ | +| Manage seats | ❌ | ❌ | ✅ | +| Upgrade and downgrade plans | ❌ | ❌ | ✅ | _\* If not part of a company_ ### Docker Scout permissions | Permission | Member | Editor | Owner | -| :---------------------------------------------------- | :----- | :----- | :----------------- | -| View and compare analysis results | ✅ | ✅ | ✅ | -| Upload analysis records | ✅ | ✅ | ✅ | -| Activate and deactivate Docker Scout for a repository | ❌ | ✅ | ✅ | -| Create environments | ❌ | ❌ | ✅ | -| Manage registry integrations | ❌ | ❌ | ✅ | +| :---------------------------------------------------- | :----- | :----- | :---- | +| View and compare analysis results | ✅ | ✅ | ✅ | +| Upload analysis records | ✅ | ✅ | ✅ | +| Activate and deactivate Docker Scout for a repository | ❌ | ✅ | ✅ | +| Create environments | ❌ | ❌ | ✅ | +| Manage registry integrations | ❌ | ❌ | ✅ | ### Docker Build Cloud permissions -| Permission | Member | Editor | Owner | -| ---------------------------- | :----- | :----- | :----------------- | -| Use a cloud builder | ✅ | ✅ | ✅ | -| Create and remove builders | ✅ | ✅ | ✅ | -| Configure builder settings | ✅ | ✅ | ✅ | -| Buy minutes | ❌ | ❌ | ✅ | -| Manage subscription | ❌ | ❌ | ✅ | +| Permission | Member | Editor | Owner | +| -------------------------- | :----- | :----- | :---- | +| Use a cloud builder | ✅ | ✅ | ✅ | +| Create and remove builders | ✅ | ✅ | ✅ | +| Configure builder settings | ✅ | ✅ | ✅ | +| Buy minutes | ❌ | ❌ | ✅ | +| Manage subscription | ❌ | ❌ | ✅ | diff --git a/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md index a3291e1fea76..7d7f66dd3923 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md +++ b/content/manuals/enterprise/security/roles-and-permissions/custom-roles.md @@ -1,22 +1,22 @@ --- title: Custom roles -description: -keywords: +description: Create tailored permission sets for your organization with custom roles +keywords: custom roles, permissions, access control, organization management, docker hub, admin console, security --- {{< summary-bar feature_name="General admin" >}} Custom roles allow you to create tailored permission sets that match your -organization's specific needs. This page covers custom roles, and steps +organization's specific needs. This page covers custom roles and steps to create and manage them. ## What are custom roles? Custom roles let you create tailored permission sets for your organization. You can assign custom roles to individual users or teams. -Users get either a core role or custom role, but not both. +Users and teams get either a core role or custom role, but not both. -Use custom roles when Docker's default roles don't fit your needs. +Use custom roles when Docker's core roles don't fit your needs. ## Prerequisites @@ -29,33 +29,33 @@ Before you can assign a custom role to users, you must create one in the Admin Console: 1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Admin Console**, then **User management**. -1. Select **Roles**, then **Create role**. -1. Create a name and describe what the role is for: - - Provide a **Display name** +2. Select **Admin Console**, then **User management**. +3. Select **Roles**, then **Create role**. +4. Create a name and describe what the role is for: + - Provide a **Label** - Enter a unique **Name** identifier (can't be changed later) - Add an optional **Description** -1. Set permissions for the role by expanding permission categories and selecting +5. Set permissions for the role by expanding permission categories and selecting the checkboxes for permissions. For a full list of available permissions, see the [custom roles permissions reference](#custom-roles-permissions-reference). -1. Select **Review** to review your custom roles configruation and see a summary +6. Select **Review** to review your custom roles configuration and see a summary of selected permissions. -1. Select **Create**. +7. Select **Create**. With a custom role created, you can now [assign custom roles to users](#assign-custom-roles). ## Edit a custom role 1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Admin Console**, then **User management**. -1. Select **Roles**. -1. Find your custom role from the list, and select the **Actions menu**. -1. Select **Edit**. -1. You can edit the following custom role settings: - - Display name +2. Select **Admin Console**, then **User management**. +3. Select **Roles**. +4. Find your custom role from the list, and select the **Actions menu**. +5. Select **Edit**. +6. You can edit the following custom role settings: + - Label - Description - Permissions -1. After you have finished editing, select **Save**. +7. After you have finished editing, select **Save**. ## Assign custom roles @@ -63,33 +63,33 @@ With a custom role created, you can now [assign custom roles to users](#assign-c {{< tab name="Individual users" >}} 1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Members**. -1. Locate the member you want to assign a custom role to, then select the +2. Select **Members**. +3. Locate the member you want to assign a custom role to, then select the **Actions menu**. -1. In the drop-down, select **Change role**. -1. In the **Select a role** drop-down, select your custom role. -1. Select **Save**. +4. In the drop-down, select **Change role**. +5. In the **Select a role** drop-down, select your custom role. +6. Select **Save**. {{< /tab >}} {{< tab name="Bulk users" >}} 1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Members**. -1. Use the checkboxes in the username column to select all users you want +2. Select **Members**. +3. Use the checkboxes in the username column to select all users you want to assign a custom role to. -1. Select **Change role**. -1. In the **Select a role** drop-down, select your custom role. -1. Select **Save**. +4. Select **Change role**. +5. In the **Select a role** drop-down, select your custom role or a core role. +6. Select **Save**. {{< /tab >}} {{< tab name="Teams" >}} 1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Teams**. -1. Locate the team you want to assign a custom role to, then select +2. Select **Teams**. +3. Locate the team you want to assign a custom role to, then select the **Actions menu**. -1. Select **Assign role**. -1. Select your custom role, then select **Assign**. +4. Select **Assign role**. +5. Select your custom role, then select **Assign**. The role column will update to the newly assigned role. @@ -101,11 +101,11 @@ The role column will update to the newly assigned role. To see which users and teams are assigned to roles: 1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Admin Console**, then **User management**. -1. Select **Roles**. -1. In the roles list, view the **Users** and **Teams** columns to see +2. Select **Admin Console**, then **User management**. +3. Select **Roles**. +4. In the roles list, view the **Users** and **Teams** columns to see assignment counts. -1. Select a specific role to view its permissions adn assignments in detail. +5. Select a specific role to view its permissions and assignments in detail. ## Reassign custom roles @@ -113,50 +113,86 @@ To see which users and teams are assigned to roles: {{< tab name="Individual users" >}} 1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Admin Console**, then **User management**. -1. Select **Roles**. -1. Find your custom role from the list, and select the **Actions menu**. -1. Select **Reassign**. -1. On the reassignment page, **Select a role** to reassign, then select **Save**. +2. Select **Members**. +3. Locate the member you want to reassign, then select the **Actions menu**. +4. Select **Change role**. +5. In the **Select a role** drop-down, select the new role. +6. Select **Save**. {{< /tab >}} {{< tab name="Bulk users" >}} +1. Sign in to [Docker Home](https://app.docker.com). +2. Select **Members**. +3. Use the checkboxes in the username column to select all users you want + to reassign. +4. Select **Change role**. +5. In the **Select a role** drop-down, select the new role. +6. Select **Save**. + {{< /tab >}} {{< tab name="Teams" >}} 1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Teams**. -1. Locate the team, then select the **Actions menu**. -1. Select **Change role**. -1. In the pop-up window, select a role from the drop-down menu, then +2. Select **Teams**. +3. Locate the team, then select the **Actions menu**. +4. Select **Change role**. +5. In the pop-up window, select a role from the drop-down menu, then select **Save**. {{< /tab >}} {{< /tabs >}} -## Duplicate a custom role - -1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Admin Console**, then **User management**. -1. Select **Roles**. -1. Find your custom role from the list, and select the **Actions menu**. -1. Select **Duplicate**. -1. Modify the duplicated role's name, description, and permissions as needed. -1. Select **Create** to save the new role. - ## Delete a custom role -If you have users or teams assigned to a role, you must reassign them to new roles before deleting. +Before deleting a custom role, you must reassign all users and teams to different roles. 1. Sign in to [Docker Home](https://app.docker.com). -1. Select **Admin Console**, then **User management**. -1. Select **Roles**. -1. Find your custom role from the list, and select the **Actions menu**. -1. If the role has assigned users or teams, select **Reassign** first to move - them to different roles. -1. Once no users or teams are assigned, select the **Actions menu** again. -1. Select **Delete**. -1. In the confirmation window, select **Delete** to confirm. - -## Custom roles permissions reference (WIP) +2. Select **Admin Console**, then **User management**. +3. Select **Roles**. +4. Find your custom role from the list, and select the **Actions menu**. +5. If the role has assigned users or teams: + - Navigate to the **Members** page and change the role for all users assigned to this custom role + - Navigate to the **Teams** page and reassign all teams that have this custom role +6. Once no users or teams are assigned, return to **Roles**. +7. Find your custom role and select the **Actions menu**. +8. Select **Delete**. +9. In the confirmation window, select **Delete** to confirm. + +## Custom roles permissions reference + +Custom roles are built by selecting specific permissions across different categories. The following tables list all available permissions you can assign to a custom role. + +### Organization management + +| Permission | Description | +| :-------------------------------- | :---------------------------------------------------------------------------------------------- | +| View teams | View teams and team members | +| Manage teams | Create, update, and delete teams and team members | +| Manage registry access | Control which registries members can access | +| Manage image access | Set policies for which images members can pull and use | +| Update organization information | Update organization information such as name and location | +| Member management | Manage organization members, invites, and roles | +| View custom roles | View existing custom roles and their permissions | +| Manage custom roles | Full access to custom role management and assignment | +| Manage organization access tokens | Create, update, and delete repositories in this org. Push/pull or registry actions not included | +| View activity logs | Access organization audit logs and activity history | +| View domains | View domains and domain audit settings | +| Manage domains | Manage verified domains and domain audit settings | +| View SSO and SCIM | View single sign-on and user provisioning configurations | +| Manage SSO and SCIM | Full access to SSO and SCIM management | +| Manage Desktop settings | Configure Docker Desktop settings policies and view usage reports | + +### Docker Hub + +| Permission | Description | +| :------------------ | :--------------------------------------------------------- | +| View repositories | View repository details and contents | +| Manage repositories | Create, update, and delete repositories and their contents | + +### Billing + +| Permission | Description | +| :------------- | :----------------------------------------------- | +| View billing | View organization billing information | +| Manage billing | Complete access to managing organization billing | From 15239c2f86310082cf4946f1c20e16f8ca4cd90d Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Mon, 3 Nov 2025 15:03:04 -0500 Subject: [PATCH 6/7] lint --- .../roles-and-permissions/core-roles.md | 63 ++++++++++--------- 1 file changed, 32 insertions(+), 31 deletions(-) diff --git a/content/manuals/enterprise/security/roles-and-permissions/core-roles.md b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md index 7704c77e103f..77ff26c5a612 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/core-roles.md +++ b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md @@ -29,41 +29,42 @@ Docker organizations have three core roles: These permissions apply organization-wide, including all repositories in your organization's namespace. -| Permission | Member | Editor | Owner | +| Permission | Member | Editor | Owner | <<<<<<< HEAD | :---------------------------------------------------- | :----- | :----- | :----------------- | -| Explore images and extensions | ✅ | ✅ | ✅ | -| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | -| Pull images | ✅ | ✅ | ✅ | -| Create and publish an extension | ✅ | ✅ | ✅ | -| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ | -| Edit and delete publisher repository logos | ❌ | ✅ | ✅ | -| Observe content engagement as a publisher | ❌ | ❌ | ✅ | -| Create public and private repositories | ❌ | ✅ | ✅ | -| Edit and delete repositories | ❌ | ✅ | ✅ | -| Manage tags | ❌ | ✅ | ✅ | -| View repository activity | ❌ | ❌ | ✅ | -| Set up Automated builds | ❌ | ❌ | ✅ | -| Edit build settings | ❌ | ❌ | ✅ | -| View teams | ✅ | ✅ | ✅ | -| Assign team permissions to repositories | ❌ | ✅ | ✅ | +| Explore images and extensions | ✅ | ✅ | ✅ | +| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | +| Pull images | ✅ | ✅ | ✅ | +| Create and publish an extension | ✅ | ✅ | ✅ | +| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ | +| Edit and delete publisher repository logos | ❌ | ✅ | ✅ | +| Observe content engagement as a publisher | ❌ | ❌ | ✅ | +| Create public and private repositories | ❌ | ✅ | ✅ | +| Edit and delete repositories | ❌ | ✅ | ✅ | +| Manage tags | ❌ | ✅ | ✅ | +| View repository activity | ❌ | ❌ | ✅ | +| Set up Automated builds | ❌ | ❌ | ✅ | +| Edit build settings | ❌ | ❌ | ✅ | +| View teams | ✅ | ✅ | ✅ | +| Assign team permissions to repositories | ❌ | ✅ | ✅ | ======= | :---------------------------------------------------- | :----- | :----- | :---- | -| Explore images and extensions | ✅ | ✅ | ✅ | -| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | -| Pull images | ✅ | ✅ | ✅ | -| Create and publish an extension | ✅ | ✅ | ✅ | -| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ | -| Observe content engagement as a publisher | ❌ | ❌ | ✅ | -| Create public and private repositories | ❌ | ✅ | ✅ | -| Edit and delete repositories | ❌ | ✅ | ✅ | -| Manage tags | ❌ | ✅ | ✅ | -| View repository activity | ❌ | ❌ | ✅ | -| Set up Automated builds | ❌ | ❌ | ✅ | -| Edit build settings | ❌ | ❌ | ✅ | -| View teams | ✅ | ✅ | ✅ | -| Assign team permissions to repositories | ❌ | ✅ | ✅ | ->>>>>>> 521a0d373d (feedback) +| Explore images and extensions | ✅ | ✅ | ✅ | +| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | +| Pull images | ✅ | ✅ | ✅ | +| Create and publish an extension | ✅ | ✅ | ✅ | +| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ | +| Observe content engagement as a publisher | ❌ | ❌ | ✅ | +| Create public and private repositories | ❌ | ✅ | ✅ | +| Edit and delete repositories | ❌ | ✅ | ✅ | +| Manage tags | ❌ | ✅ | ✅ | +| View repository activity | ❌ | ❌ | ✅ | +| Set up Automated builds | ❌ | ❌ | ✅ | +| Edit build settings | ❌ | ❌ | ✅ | +| View teams | ✅ | ✅ | ✅ | +| Assign team permissions to repositories | ❌ | ✅ | ✅ | + +> > > > > > > 521a0d373d (feedback) When you add members to teams, you can grant additional repository permissions beyond their organization role: From 6cd76ee4831d1db896b879c414d23c3a7ad976f7 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Mon, 3 Nov 2025 15:05:00 -0500 Subject: [PATCH 7/7] lint 2 --- .../roles-and-permissions/core-roles.md | 51 ++++++------------- 1 file changed, 16 insertions(+), 35 deletions(-) diff --git a/content/manuals/enterprise/security/roles-and-permissions/core-roles.md b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md index 77ff26c5a612..a426a90c7ca0 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/core-roles.md +++ b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md @@ -29,42 +29,23 @@ Docker organizations have three core roles: These permissions apply organization-wide, including all repositories in your organization's namespace. -| Permission | Member | Editor | Owner | -<<<<<<< HEAD -| :---------------------------------------------------- | :----- | :----- | :----------------- | -| Explore images and extensions | ✅ | ✅ | ✅ | -| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | -| Pull images | ✅ | ✅ | ✅ | -| Create and publish an extension | ✅ | ✅ | ✅ | -| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ | -| Edit and delete publisher repository logos | ❌ | ✅ | ✅ | -| Observe content engagement as a publisher | ❌ | ❌ | ✅ | -| Create public and private repositories | ❌ | ✅ | ✅ | -| Edit and delete repositories | ❌ | ✅ | ✅ | -| Manage tags | ❌ | ✅ | ✅ | -| View repository activity | ❌ | ❌ | ✅ | -| Set up Automated builds | ❌ | ❌ | ✅ | -| Edit build settings | ❌ | ❌ | ✅ | -| View teams | ✅ | ✅ | ✅ | -| Assign team permissions to repositories | ❌ | ✅ | ✅ | -======= +| Permission | Member | Editor | Owner | | :---------------------------------------------------- | :----- | :----- | :---- | -| Explore images and extensions | ✅ | ✅ | ✅ | -| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | -| Pull images | ✅ | ✅ | ✅ | -| Create and publish an extension | ✅ | ✅ | ✅ | -| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ | -| Observe content engagement as a publisher | ❌ | ❌ | ✅ | -| Create public and private repositories | ❌ | ✅ | ✅ | -| Edit and delete repositories | ❌ | ✅ | ✅ | -| Manage tags | ❌ | ✅ | ✅ | -| View repository activity | ❌ | ❌ | ✅ | -| Set up Automated builds | ❌ | ❌ | ✅ | -| Edit build settings | ❌ | ❌ | ✅ | -| View teams | ✅ | ✅ | ✅ | -| Assign team permissions to repositories | ❌ | ✅ | ✅ | - -> > > > > > > 521a0d373d (feedback) +| Explore images and extensions | ✅ | ✅ | ✅ | +| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | +| Pull images | ✅ | ✅ | ✅ | +| Create and publish an extension | ✅ | ✅ | ✅ | +| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ | +| Edit and delete publisher repository logos | ❌ | ✅ | ✅ | +| Observe content engagement as a publisher | ❌ | ❌ | ✅ | +| Create public and private repositories | ❌ | ✅ | ✅ | +| Edit and delete repositories | ❌ | ✅ | ✅ | +| Manage tags | ❌ | ✅ | ✅ | +| View repository activity | ❌ | ❌ | ✅ | +| Set up Automated builds | ❌ | ❌ | ✅ | +| Edit build settings | ❌ | ❌ | ✅ | +| View teams | ✅ | ✅ | ✅ | +| Assign team permissions to repositories | ❌ | ✅ | ✅ | When you add members to teams, you can grant additional repository permissions beyond their organization role: