Skip to content

revert file from published #23090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

revert file from published #23090

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
76e5721
fix published conflict
sarahsanders-docker Jul 14, 2025
48cba44
Revert file to match upstream/published
sarahsanders-docker Jul 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions content/manuals/enterprise/security/roles-and-permissions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,3 +131,4 @@ member, editor, and owner roles.
| Configure builder settings | ✅ | ✅ | ✅ |
| Buy minutes | ❌ | ❌ | ✅ |
| Manage subscription | ❌ | ❌ | ✅ |

132 changes: 132 additions & 0 deletions content/manuals/security/for-admins/roles-and-permissions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
---
description: Use roles in your organization to control who has access to content, registry, and organization management permissions.
keywords: members, teams, organization, company, roles, access, docker hub, admin console, security

Check failure on line 3 in content/manuals/security/for-admins/roles-and-permissions.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Vale.Terms] Use 'Docker Hub' instead of 'docker hub'.

Raw Output:
{"message": "[Vale.Terms] Use 'Docker Hub' instead of 'docker hub'.", "location": {"path": "content/manuals/security/for-admins/roles-and-permissions.md", "range": {"start": {"line": 3, "column": 65}}}, "severity": "ERROR"}
title: Roles and permissions
aliases:
- /docker-hub/roles-and-permissions/
weight: 40
---

{{< summary-bar feature_name="General admin" >}}

This guide outlines Docker's organization roles and their permission scopes.

## Roles

When you invite users to your organization, you assign them a role. A role is a
collection of permissions. Roles define whether users can create repositories,
pull images, create teams, and configure organization settings.

The following roles are available to assign:

- Member: Non-administrative role. Members can view other members that are in
the same organization.
- Editor: Partial administrative access to the organization. Editors can
create, edit, and delete repositories. They can also edit an existing team's
access permissions.
- Owner: Full organization administrative access. Owners can manage organization
repositories, teams, members, settings, and billing.

Owners can manage roles for members of an organization using Docker Hub or the Admin Console:

- Update a member role in [Docker Hub](/manuals/admin/organization/members.md#update-a-member-role)
- Update an organization's members or company in the [Admin Console](/manuals/admin/company/users.md#update-a-member-role)
- Learn more about [organizations and companies](/manuals/admin/_index.md)

## Permissions

> [!NOTE]
>
> Company owners have the same access as owners for all associated organizations. For more information, see [Company overview](/admin/company/).

The following sections describe the permissions for each role.

### Content and registry permissions

The following table outlines content and registry permissions for member,
editor, and owner roles. These permissions and roles apply to the entire
organization, including all the repositories in the namespace for the
organization.

| Permission | Member | Editor | Owner |
| :---------------------------------------------------- | :----- | :----- | :----------------- |
| Explore images and extensions | ✅ | ✅ | ✅ |
| Star, favorite, vote, and comment on content | ✅ | ✅ | ✅ |
| Pull images | ✅ | ✅ | ✅ |
| Create and publish an extension | ✅ | ✅ | ✅ |
| Become a Verified, Official, or Open Source publisher | ❌ | ❌ | ✅ |
| Observe content engagement as a publisher | ❌ | ❌ | ✅ |
| Create public and private repositories | ❌ | ✅ | ✅ |
| Edit and delete repositories | ❌ | ✅ | ✅ |
| Manage tags | ❌ | ✅ | ✅ |
| View repository activity | ❌ | ❌ | ✅ |
| Set up Automated builds | ❌ | ❌ | ✅ |
| Edit build settings | ❌ | ❌ | ✅ |
| View teams | ✅ | ✅ | ✅ |
| Assign team permissions to repositories | ❌ | ✅ | ✅ |

When you add members to a team, you can manage their repository permissions.
For team repository permissions, see [Create and manage a team permissions reference](/manuals/admin/organization/manage-a-team.md#permissions-reference).

The following diagram provides an example of how permissions may work for a
user. In this example, the first permission check is for the role: member or
editor. Editors have administrative permissions for repositories across the
namespace of the organization. Members may have administrative permissions for
a repository if they're a member of a team that grants those permissions.

![User repository permissions within an organization](../images/roles-and-permissions-member-editor-roles.png)

### Organization management permissions

The following table outlines organization management permissions for member,
editor, owner, and company owner roles.

| Permission | Member | Editor | Owner |
| :---------------------------------------------------------------- | :----- | :----- | :----------------- |
| Create teams | ❌ | ❌ | ✅ |
| Manage teams (including delete) | ❌ | ❌ | ✅ |
| Configure the organization's settings (including linked services) | ❌ | ❌ | ✅ |
| Add organizations to a company | ❌ | ❌ | ✅ |
| Invite members | ❌ | ❌ | ✅ |
| Manage members | ❌ | ❌ | ✅ |
| Manage member roles and permissions | ❌ | ❌ | ✅ |
| View member activity | ❌ | ❌ | ✅ |
| Export and reporting | ❌ | ❌ | ✅ |
| Image Access Management | ❌ | ❌ | ✅ |
| Registry Access Management | ❌ | ❌ | ✅ |
| Set up Single Sign-On (SSO) and SCIM | ❌ | ❌ | ✅ \* |
| Require Docker Desktop sign-in | ❌ | ❌ | ✅ \* |
| Manage billing information (for example, billing address) | ❌ | ❌ | ✅ |
| Manage payment methods (for example, credit card or invoice) | ❌ | ❌ | ✅ |
| View billing history | ❌ | ❌ | ✅ |
| Manage subscriptions | ❌ | ❌ | ✅ |
| Manage seats | ❌ | ❌ | ✅ |
| Upgrade and downgrade plans | ❌ | ❌ | ✅ |

_\* If not part of a company_

### Docker Scout permissions

The following table outlines Docker Scout management permissions for member,
editor, and owner roles.

| Permission | Member | Editor | Owner |
| :---------------------------------------------------- | :----- | :----- | :----------------- |
| View and compare analysis results | ✅ | ✅ | ✅ |
| Upload analysis records | ✅ | ✅ | ✅ |
| Activate and deactivate Docker Scout for a repository | ❌ | ✅ | ✅ |
| Create environments | ❌ | ❌ | ✅ |
| Manage registry integrations | ❌ | ❌ | ✅ |

### Docker Build Cloud permissions

The following table outlines Docker Build Cloud management permissions for
member, editor, and owner roles.

| Permission | Member | Editor | Owner |
| ---------------------------- | :----- | :----- | :----------------- |
| Use a cloud builder | ✅ | ✅ | ✅ |
| Create and remove builders | ✅ | ✅ | ✅ |
| Configure builder settings | ✅ | ✅ | ✅ |
| Buy minutes | ❌ | ❌ | ✅ |
| Manage subscription | ❌ | ❌ | ✅ |
Loading