Permission levels

Mirantis Secure Registry (MSR) allows you to define fine-grained permissions over image repositories.

Administrators

MSR administrators have permission to manage all MSR repositories and settings.

Note

To monitor users login events, enable the auditAuthLogsEnabled parameter in the /settings API endpoint:

curl -k -u admin:$TOKEN -X POST "https://host:port/api/v0/meta/settings" \
-H "accept: application/json" \
-H "Content-Type: application/json" \
-d "{ \"auditAuthLogsEnabled\": true}"

Team permission levels

With teams you can define the repository permissions for a set of users (read, read-write, and admin).

Repository operation

read

read-write

admin

View/browse

x

x

x

Pull

x

x

x

Push

x

x

Start a scan

x

x

Delete tags

x

x

Edit description

x

Set public or private

x

Manage user access

x

Delete repository

x

Note

Team permissions are additive. When a user is a member of multiple teams, they have the highest permission level defined by those teams.

Overall permissions

Permission level

Description

Anonymous or unauthenticated users

Search and pull public repositories.

Authenticated Users

Search and pull public repos, and create and manage their own repositories.

Team Member

Do everything a user can do, plus the permissions granted by the team the user belongs to.

Organization Owner

Manage repositories and teams for the organization.

Admin

Manage anything across MKE and MSR.