Merge pull request #106999 from cegraybl/cegraybl/tokens_ga_remove_premium

[container-registry] Remove references to 'Premium' SKU from Tokens and Scope Maps feature

Author: Court72

articles/container-registry/container-registry-repository-scoped-permissions.md

@@ -1,6 +1,6 @@
 ---
 title: Permissions to repositories in Azure Container Registry
-description: Create a token with permissions scoped to specific repositories in a Premium registry to pull or push images, or perform other actions
+description: Create a token with permissions scoped to specific repositories in a registry to pull or push images, or perform other actions
 ms.topic: article
 author: tejaswikolli-web
 ms.author: tejaswikolli
@@ -11,24 +11,23 @@ ms.devlang: azurecli
 
 # Create a token with repository-scoped permissions
 
-This article describes how to create tokens and scope maps to manage access to specific repositories in your container registry. By creating tokens, a registry owner can provide users or services with scoped, time-limited access to repositories to pull or push images or perform other actions. A token provides more fine-grained permissions than other registry [authentication options](container-registry-authentication.md), which scope permissions to an entire registry. 
+This article describes how to create tokens and scope maps to manage access to specific repositories in your container registry. By creating tokens, a registry owner can provide users or services with scoped, time-limited access to repositories to pull or push images or perform other actions. A token provides more fine-grained permissions than other registry [authentication options](container-registry-authentication.md), which scope permissions to an entire registry.
 
 Scenarios for creating a token include:
 
 * Allow IoT devices with individual tokens to pull an image from a repository
 * Provide an external organization with permissions to a specific repository 
 * Limit repository access to different user groups in your organization. For example, provide write and read access to developers who build images that target specific repositories, and read access to teams that deploy from those repositories.
 
-This feature is available in the **Premium** container registry service tier. For information about registry service tiers and limits, see [Azure Container Registry service tiers](container-registry-skus.md).
+This feature is available in all the service tiers. For information about registry service tiers and limits, see [Azure Container Registry service tiers](container-registry-skus.md)
 
 ## Limitations
 
 * You can't currently assign repository-scoped permissions to an Azure Active Directory identity, such as a service principal or managed identity.
 
-
 ## Concepts
 
-To configure repository-scoped permissions, you create a *token* with an associated *scope map*. 
+To configure repository-scoped permissions, you create a *token* with an associated *scope map*.
 
 * A **token** along with a generated password lets the user authenticate with the registry. You can set an expiration date for a token password, or disable a token at any time.
 
@@ -42,24 +41,24 @@ To configure repository-scoped permissions, you create a *token* with an associa
   |`metadata/read`    | Read metadata from the repository   | List tags or manifests |
   |`metadata/write`     |  Write metadata to the repository  | Enable or disable read, write, or delete operations |
 
-* A **scope map** groups the repository permissions you apply to a token, and can reapply to other tokens. Every token is associated with a single scope map. 
+* A **scope map** groups the repository permissions you apply to a token, and can reapply to other tokens. Every token is associated with a single scope map.
 
    With a scope map:
 
-    * Configure multiple tokens with identical permissions to a set of repositories
-    * Update token permissions when you add or remove repository actions in the scope map, or apply a different scope map 
+  * Configure multiple tokens with identical permissions to a set of repositories
+  * Update token permissions when you add or remove repository actions in the scope map, or apply a different scope map
 
   Azure Container Registry also provides several system-defined scope maps you can apply when creating tokens. The permissions of system-defined scope maps apply to all repositories in your registry.The individual *actions* corresponds to the limit of [Repositories per scope map.](container-registry-skus.md)
 
-The following image shows the relationship between tokens and scope maps. 
+The following image shows the relationship between tokens and scope maps.
 
 ![Registry tokens and scope maps](media/container-registry-repository-scoped-permissions/token-scope-map-concepts.png)
 
 ## Prerequisites
 
 * **Azure CLI** - Azure CLI command examples in this article require Azure CLI version 2.17.0 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).
 * **Docker** - To authenticate with the registry to pull or push images, you need a local Docker installation. Docker provides installation instructions for [macOS](https://docs.docker.com/docker-for-mac/), [Windows](https://docs.docker.com/docker-for-windows/), and [Linux](https://docs.docker.com/engine/installation/#supported-platforms) systems.
-* **Container registry** - If you don't have one, create a Premium container registry in your Azure subscription, or upgrade an existing registry. For example, use the [Azure portal](container-registry-get-started-portal.md) or the [Azure CLI](container-registry-get-started-azure-cli.md). 
+* **Container registry** - If you don't have one, create a container registry in your Azure subscription. For example, use the [Azure portal](container-registry-get-started-portal.md) or the [Azure CLI](container-registry-get-started-azure-cli.md).
 
 ## Create token - CLI
 
@@ -165,7 +164,7 @@ After the token is validated and created, token details appear in the **Tokens**
 
 ### Add token password
 
-To use a token created in the portal, you must generate a password. You can generate one or two passwords, and set an expiration date for each one. New passwords created for tokens are available immediately. Regenerating new passwords for tokens will take 60 seconds to replicate and be available. 
+To use a token created in the portal, you must generate a password. You can generate one or two passwords, and set an expiration date for each one. New passwords created for tokens are available immediately. Regenerating new passwords for tokens will take 60 seconds to replicate and be available.
 
 1. In the portal, navigate to your container registry.
 1. Under **Repository permissions**, select **Tokens**, and select a token.
@@ -401,7 +400,7 @@ In the portal, on the **Tokens** screen, select the token, and under **Scope map
 
 ## Disable or delete token
 
-You might need to temporarily disable use of the token credentials for a user or service. 
+You might need to temporarily disable use of the token credentials for a user or service.
 
 Using the Azure CLI, run the [az acr token update][az-acr-token-update] command to set the `status` to `disabled`:
 
@@ -412,7 +411,7 @@ az acr token update --name MyToken --registry myregistry \
 
 In the portal, select the token in the **Tokens** screen, and select **Disabled** under **Status**.
 
-To delete a token to permanently invalidate access by anyone using its credentials, run the [az acr token delete][az-acr-token-delete] command. 
+To delete a token to permanently invalidate access by anyone using its credentials, run the [az acr token delete][az-acr-token-delete] command.
 
 ```azurecli
 az acr token delete --name MyToken --registry myregistry