Permission levels

Permission levels¶

Mirantis Secure Registry allows you to define fine-grain permissions over image repositories.

Administrators¶

Users are shared across MKE and MSR. When you create a new user in Mirantis Kubernetes Engine, that user becomes available in MSR and vice versa. When you create a trusted admin in MSR, the admin has permissions to manage:

Users across MKE and MSR
MSR repositories and settings
MKE resources and settings

Team permission levels¶

Teams allow you to define the permissions a set of user has for a set of repositories. Three permission levels are available:

Repository operation	read	read-write	admin
View/ browse	x	x	x
Pull	x	x	x
Push		x	x
Start a scan		x	x
Delete tags		x	x
Edit description			x
Set public or private			x
Manage user access			x
Delete repository			x

Team permissions are additive. When a user is a member of multiple teams, they have the highest permission level defined by those teams.

Overall permissions¶

Here’s an overview of the permission levels available in MSR:

Anonymous or unauthenticated Users: Can search and pull public repositories.
Authenticated Users: Can search and pull public repos, and create and manage their own repositories.
Team Member: Everything a user can do, plus the permissions granted by the team the user is a member of.
Organization Owner: Can manage repositories and teams for the organization.
Admin: Can manage anything across MKE and MSR.

Where to go next¶

Authentication and authorization

updated: 2023-07-26 11:20

Create and manage organizations

View Previous Section

Manage webhooks