articles/container-registry/container-registry-repository-scoped-permissions.md
Lines changed: 6 additions & 9 deletions
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Permissions to repositories in Azure Container Registry
3
-
description: Create a token with permissions scoped to specific repositories in a Premium registry to pull or push images, or perform other actions
3
+
description: Create a token with permissions scoped to specific repositories in a registry to pull or push images, or perform other actions
4
4
ms.topic: article
5
5
author: tejaswikolli-web
6
6
ms.author: tejaswikolli
@@ -11,24 +11,21 @@ ms.devlang: azurecli
11
11
12
12
# Create a token with repository-scoped permissions
13
13
14
-
This article describes how to create tokens and scope maps to manage access to specific repositories in your container registry. By creating tokens, a registry owner can provide users or services with scoped, time-limited access to repositories to pull or push images or perform other actions. A token provides more fine-grained permissions than other registry [authentication options](container-registry-authentication.md), which scope permissions to an entire registry.
14
+
This article describes how to create tokens and scope maps to manage access to specific repositories in your container registry. By creating tokens, a registry owner can provide users or services with scoped, time-limited access to repositories to pull or push images or perform other actions. A token provides more fine-grained permissions than other registry [authentication options](container-registry-authentication.md), which scope permissions to an entire registry.
15
15
16
16
Scenarios for creating a token include:
17
17
18
18
* Allow IoT devices with individual tokens to pull an image from a repository
19
19
* Provide an external organization with permissions to a specific repository
20
20
* Limit repository access to different user groups in your organization. For example, provide write and read access to developers who build images that target specific repositories, and read access to teams that deploy from those repositories.
21
21
22
-
This feature is available in the **Premium** container registry service tier. For information about registry service tiers and limits, see [Azure Container Registry service tiers](container-registry-skus.md).
23
-
24
22
## Limitations
25
23
26
24
* You can't currently assign repository-scoped permissions to an Azure Active Directory identity, such as a service principal or managed identity.
27
25
28
-
29
26
## Concepts
30
27
31
-
To configure repository-scoped permissions, you create a *token* with an associated *scope map*.
28
+
To configure repository-scoped permissions, you create a *token* with an associated *scope map*.
32
29
33
30
* A **token** along with a generated password lets the user authenticate with the registry. You can set an expiration date for a token password, or disable a token at any time.
34
31
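Review bot: Deleting the service-tier paragraph (old lines 22-23) leaves the article with no statement of which registry tiers support tokens and scope maps, and it drops the pointer to container-registry-skus.md for tier limits. Instead of removing the sentence outright, replace it with one line that states the tiers in which the feature is available and keeps the link to [Azure Container Registry service tiers](container-registry-skus.md), since the Concepts section still sends readers there for the "Repositories per scope map" limit. Separately, the edits to the intro paragraph and to "To configure repository-scoped permissions, you create a *token* with an associated *scope map*." show no visible text difference, so they look like whitespace-only changes; confirm they are intended or drop them to keep the diff focused on the tier change.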
@@ -46,8 +43,8 @@ To configure repository-scoped permissions, you create a *token* with an associa
46
43
47
44
With a scope map:
48
45
49
-
* Configure multiple tokens with identical permissions to a set of repositories
50
-
* Update token permissions when you add or remove repository actions in the scope map, or apply a different scope map
46
+
* Configure multiple tokens with identical permissions to a set of repositories
47
+
* Update token permissions when you add or remove repository actions in the scope map, or apply a different scope map
51
48
52
49
Azure Container Registry also provides several system-defined scope maps you can apply when creating tokens. The permissions of system-defined scope maps apply to all repositories in your registry.The individual *actions* corresponds to the limit of [Repositories per scope map.](container-registry-skus.md)
53
50
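Review bot: The context line following the two bullets should be fixed while this block is being touched: "registry.The" is missing a space, "The individual *actions* corresponds" has a subject-verb disagreement and does not say clearly what is being limited, and the trailing period sits inside the link text "[Repositories per scope map.]". This is also the sentence that tells readers system-defined scope maps apply to all repositories in the registry rather than to a chosen set, so it is worth splitting into two sentences and stating plainly what the limit in container-registry-skus.md applies to. The two bullet changes show no visible text difference, which suggests trailing-whitespace edits only; if so, they could be left out of this commit.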
@@ -59,7 +56,7 @@ The following image shows the relationship between tokens and scope maps.
59
56
60
57
***Azure CLI** - Azure CLI command examples in this article require Azure CLI version 2.17.0 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).
61
58
***Docker** - To authenticate with the registry to pull or push images, you need a local Docker installation. Docker provides installation instructions for [macOS](https://docs.docker.com/docker-for-mac/), [Windows](https://docs.docker.com/docker-for-windows/), and [Linux](https://docs.docker.com/engine/installation/#supported-platforms) systems.
62
-
***Container registry** - If you don't have one, create a Premium container registry in your Azure subscription, or upgrade an existing registry. For example, use the [Azure portal](container-registry-get-started-portal.md) or the [Azure CLI](container-registry-get-started-azure-cli.md).
59
+
***Container registry** - If you don't have one, create a container registry in your Azure subscription. For example, use the [Azure portal](container-registry-get-started-portal.md) or the [Azure CLI](container-registry-get-started-azure-cli.md).