|
| 1 | +--- |
| 2 | +description: Use roles in your organization to control who has access to content, registry, and organization management permissions. |
| 3 | +keywords: members, teams, organization, company, roles, access, docker hub, admin console, security |
| 4 | +title: Roles and permissions |
| 5 | +aliases: |
| 6 | +- /docker-hub/roles-and-permissions/ |
| 7 | +weight: 40 |
| 8 | +--- |
| 9 | + |
| 10 | +{{< summary-bar feature_name="General admin" >}} |
| 11 | + |
| 12 | +This guide outlines Docker's organization roles and their permission scopes. |
| 13 | + |
| 14 | +## Roles |
| 15 | + |
| 16 | +When you invite users to your organization, you assign them a role. A role is a |
| 17 | +collection of permissions. Roles define whether users can create repositories, |
| 18 | +pull images, create teams, and configure organization settings. |
| 19 | + |
| 20 | +The following roles are available to assign: |
| 21 | + |
| 22 | +- Member: Non-administrative role. Members can view other members that are in |
| 23 | +the same organization. |
| 24 | +- Editor: Partial administrative access to the organization. Editors can |
| 25 | +create, edit, and delete repositories. They can also edit an existing team's |
| 26 | +access permissions. |
| 27 | +- Owner: Full organization administrative access. Owners can manage organization |
| 28 | +repositories, teams, members, settings, and billing. |
| 29 | + |
| 30 | +Owners can manage roles for members of an organization using Docker Hub or the Admin Console: |
| 31 | + |
| 32 | +- Update a member role in [Docker Hub](/manuals/admin/organization/members.md#update-a-member-role) |
| 33 | +- Update an organization's members or company in the [Admin Console](/manuals/admin/company/users.md#update-a-member-role) |
| 34 | +- Learn more about [organizations and companies](/manuals/admin/_index.md) |
| 35 | + |
| 36 | +## Permissions |
| 37 | + |
| 38 | +> [!NOTE] |
| 39 | +> |
| 40 | +> Company owners have the same access as owners for all associated organizations. For more information, see [Company overview](/admin/company/). |
| 41 | +
|
| 42 | +The following sections describe the permissions for each role. |
| 43 | + |
| 44 | +### Content and registry permissions |
| 45 | + |
| 46 | +The following table outlines content and registry permissions for member, |
| 47 | +editor, and owner roles. These permissions and roles apply to the entire |
| 48 | +organization, including all the repositories in the namespace for the |
| 49 | +organization. |
| 50 | + |
| 51 | +| Permission | Member | Editor | Owner | |
| 52 | +| :---------------------------------------------------- | :----- | :----- | :----------------- | |
| 53 | +| Explore images and extensions | ✅ | ✅ | ✅ | |
| 54 | +| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ | |
| 55 | +| Pull images | ✅ | ✅ | ✅ | |
| 56 | +| Create and publish an extension | ✅ | ✅ | ✅ | |
| 57 | +| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ | |
| 58 | +| Observe content engagement as a publisher | ❌ | ❌ | ✅ | |
| 59 | +| Create public and private repositories | ❌ | ✅ | ✅ | |
| 60 | +| Edit and delete repositories | ❌ | ✅ | ✅ | |
| 61 | +| Manage tags | ❌ | ✅ | ✅ | |
| 62 | +| View repository activity | ❌ | ❌ | ✅ | |
| 63 | +| Set up Automated builds | ❌ | ❌ | ✅ | |
| 64 | +| Edit build settings | ❌ | ❌ | ✅ | |
| 65 | +| View teams | ✅ | ✅ | ✅ | |
| 66 | +| Assign team permissions to repositories | ❌ | ✅ | ✅ | |
| 67 | + |
| 68 | +When you add members to a team, you can manage their repository permissions. |
| 69 | +For team repository permissions, see [Create and manage a team permissions reference](/manuals/admin/organization/manage-a-team.md#permissions-reference). |
| 70 | + |
| 71 | +The following diagram provides an example of how permissions may work for a |
| 72 | +user. In this example, the first permission check is for the role: member or |
| 73 | +editor. Editors have administrative permissions for repositories across the |
| 74 | +namespace of the organization. Members may have administrative permissions for |
| 75 | +a repository if they're a member of a team that grants those permissions. |
| 76 | + |
| 77 | + |
| 78 | + |
| 79 | +### Organization management permissions |
| 80 | + |
| 81 | +The following table outlines organization management permissions for member, |
| 82 | +editor, owner, and company owner roles. |
| 83 | + |
| 84 | +| Permission | Member | Editor | Owner | |
| 85 | +| :---------------------------------------------------------------- | :----- | :----- | :----------------- | |
| 86 | +| Create teams | ❌ | ❌ | ✅ | |
| 87 | +| Manage teams (including delete) | ❌ | ❌ | ✅ | |
| 88 | +| Configure the organization's settings (including linked services) | ❌ | ❌ | ✅ | |
| 89 | +| Add organizations to a company | ❌ | ❌ | ✅ | |
| 90 | +| Invite members | ❌ | ❌ | ✅ | |
| 91 | +| Manage members | ❌ | ❌ | ✅ | |
| 92 | +| Manage member roles and permissions | ❌ | ❌ | ✅ | |
| 93 | +| View member activity | ❌ | ❌ | ✅ | |
| 94 | +| Export and reporting | ❌ | ❌ | ✅ | |
| 95 | +| Image Access Management | ❌ | ❌ | ✅ | |
| 96 | +| Registry Access Management | ❌ | ❌ | ✅ | |
| 97 | +| Set up Single Sign-On (SSO) and SCIM | ❌ | ❌ | ✅ \* | |
| 98 | +| Require Docker Desktop sign-in | ❌ | ❌ | ✅ \* | |
| 99 | +| Manage billing information (for example, billing address) | ❌ | ❌ | ✅ | |
| 100 | +| Manage payment methods (for example, credit card or invoice) | ❌ | ❌ | ✅ | |
| 101 | +| View billing history | ❌ | ❌ | ✅ | |
| 102 | +| Manage subscriptions | ❌ | ❌ | ✅ | |
| 103 | +| Manage seats | ❌ | ❌ | ✅ | |
| 104 | +| Upgrade and downgrade plans | ❌ | ❌ | ✅ | |
| 105 | + |
| 106 | +_\* If not part of a company_ |
| 107 | + |
| 108 | +### Docker Scout permissions |
| 109 | + |
| 110 | +The following table outlines Docker Scout management permissions for member, |
| 111 | +editor, and owner roles. |
| 112 | + |
| 113 | +| Permission | Member | Editor | Owner | |
| 114 | +| :---------------------------------------------------- | :----- | :----- | :----------------- | |
| 115 | +| View and compare analysis results | ✅ | ✅ | ✅ | |
| 116 | +| Upload analysis records | ✅ | ✅ | ✅ | |
| 117 | +| Activate and deactivate Docker Scout for a repository | ❌ | ✅ | ✅ | |
| 118 | +| Create environments | ❌ | ❌ | ✅ | |
| 119 | +| Manage registry integrations | ❌ | ❌ | ✅ | |
| 120 | + |
| 121 | +### Docker Build Cloud permissions |
| 122 | + |
| 123 | +The following table outlines Docker Build Cloud management permissions for |
| 124 | +member, editor, and owner roles. |
| 125 | + |
| 126 | +| Permission | Member | Editor | Owner | |
| 127 | +| ---------------------------- | :----- | :----- | :----------------- | |
| 128 | +| Use a cloud builder | ✅ | ✅ | ✅ | |
| 129 | +| Create and remove builders | ✅ | ✅ | ✅ | |
| 130 | +| Configure builder settings | ✅ | ✅ | ✅ | |
| 131 | +| Buy minutes | ❌ | ❌ | ✅ | |
| 132 | +| Manage subscription | ❌ | ❌ | ✅ | |
0 commit comments