Permission levels¶
Mirantis Secure Registry (MSR) allows you to define fine-grained permissions over image repositories.
Administrators¶
MSR administrators have permission to manage all MSR repositories and settings.
Note
To monitor users login events, enable the auditAuthLogsEnabled
parameter
in the /settings
API endpoint:
curl -k -u admin:$TOKEN -X POST "https://host:port/api/v0/meta/settings" \
-H "accept: application/json" \
-H "Content-Type: application/json" \
-d "{ \"auditAuthLogsEnabled\": true}"
Team permission levels¶
With teams you can define the repository permissions for a set of users (read, read-write, and admin).
Repository operation |
read |
read-write |
admin |
---|---|---|---|
View/browse |
x |
x |
x |
Pull |
x |
x |
x |
Push |
x |
x |
|
Start a scan |
x |
x |
|
Delete tags |
x |
x |
|
Edit description |
x |
||
Set public or private |
x |
||
Manage user access |
x |
||
Delete repository |
x |
Note
Team permissions are additive. When a user is a member of multiple teams, they have the highest permission level defined by those teams.
Overall permissions¶
Permission level |
Description |
---|---|
Anonymous or unauthenticated users |
Search and pull public repositories. |
Authenticated Users |
Search and pull public repos, and create and manage their own repositories. |
Team Member |
Do everything a user can do, plus the permissions granted by the team the user belongs to. |
Organization Owner |
Manage repositories and teams for the organization. |
Admin |
Manage anything across MKE and MSR. |