Permission levels in DTREstimated reading time: 2 minutes
Docker Trusted Registry allows you to define fine-grain permissions over image repositories.
Users are shared across Docker Datacenter. When you create a new user in Docker Universal Control Plane, that user becomes available in DTR and vice versa. When you create an administrator user in DTR, that user is a Docker Datacenter administrator, with permissions to:
- Manage users across Docker Datacenter,
- Manage DTR repositories and settings,
- Manage the whole UCP cluster.
Team permission levels
Teams allow you to define the permissions a set of user has for a set of repositories. Three permission levels are available:
|Set public or private||x|
|Manage user access||x|
Team permissions are additive. When a user is a member of multiple teams, they have the highest permission level defined by those teams.
Here’s an overview of the permission levels available in DTR:
- Anonymous users: Can search and pull public repositories.
- Users: Can search and pull public repos, and create and manage their own repositories.
- Team member: Everything a user can do, plus the permissions granted by the teams the user is member of.
- Team admin: Everything a team member can do, and can also add members to the team.
- Organization admin: Everything a team admin can do, can create new teams, and add members to the organization.
- DDC admin: Can manage anything across UCP and DTR.