Mirantis Secure Registry allows you to define fine-grain permissions over image repositories.
Users are shared across MKE and MSR. When you create a new user in Mirantis Kubernetes Engine, that user becomes available in MSR and vice versa. When you create a trusted admin in MSR, the admin has permissions to manage:
Teams allow you to define the permissions a set of user has for a set of repositories. Three permission levels are available:
Repository operation | read | read-write | admin |
---|---|---|---|
View/ browse | x | x | x |
Pull | x | x | x |
Push | x | x | |
Start a scan | x | x | |
Delete tags | x | x | |
Edit description | x | ||
Set public or private | x | ||
Manage user access | x | ||
Delete repository | x |
Team permissions are additive. When a user is a member of multiple teams, they have the highest permission level defined by those teams.
Here’s an overview of the permission levels available in MSR: