Permission levels in DTR

Estimated reading time: 2 minutes

These are the docs for DTR version 2.4.1

To select a different version, use the selector below.

Docker Trusted Registry allows you to define fine-grain permissions over image repositories.

Administrator users

Users are shared across UCP and DTR. When you create a new user in Docker Universal Control Plane, that user becomes available in DTR and vice versa. When you create an administrator user in DTR, the user has permissions to:

  • Manage users across UCP and DTR,
  • Manage DTR repositories and settings,
  • Manage UCP resources and settings.

Team permission levels

Teams allow you to define the permissions a set of user has for a set of repositories. Three permission levels are available:

Repository operationreadread-writeadmin
View/ browsexxx
Push xx
Start a scan xx
Delete tags xx
Edit description  x
Set public or private  x
Manage user access  x
Delete repository  x

Team permissions are additive. When a user is a member of multiple teams, they have the highest permission level defined by those teams.

Overall permissions

Here’s an overview of the permission levels available in DTR:

  • Anonymous users: Can search and pull public repositories.
  • Users: Can search and pull public repos, and create and manage their own repositories.
  • Team member: Everything a user can do, plus the permissions granted by the teams the user is member of.
  • Team admin: Everything a team member can do, and can also add members to the team.
  • Organization admin: Everything a team admin can do, can create new teams, and add members to the organization.
  • Admin: Can manage anything across UCP and DTR.

Where to go next

registry, security, permissions