-
Notifications
You must be signed in to change notification settings - Fork 41
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adds RBAC content to security guide (#1096)
Co-authored-by: Steven Smith <stevsmit@stevsmit-thinkpadt14gen4.remote.csb>
- Loading branch information
Showing
6 changed files
with
35 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,15 @@ | ||
[[role-based-access-control]] | ||
= Role-based access control (RBAC) | ||
[id="role-based-access-control"] | ||
= {productname} permissions model | ||
|
||
{productname} offers three types of permissions: | ||
{productname}'s permission model provides fine-grained access control over repositories and the content of those repositories, helping ensure secure collaboration and automation. {productname} administrators can grant users and robot accounts one of the following levels of access: | ||
|
||
* `Read`, which allows users, robots, and teams to pull images. | ||
* `Write`, which allows users, robots, and teams to push images. | ||
* `Admin`, which provides users, robots, and teams with administrative privileges. | ||
* *Read*: Allows users, robots, and teams to pull images. | ||
* *Write*: Allows users, robots, and teams to push images. | ||
* *Admin*: Provides users, robots, and teams administrative privileges. | ||
|
||
[NOTE] | ||
==== | ||
Administrative users can delegate new permissions for existing users and teams, change existing permissions, and revoke permissions when necessary | ||
==== | ||
|
||
Permissions can be delegated across the entire organization and on specific repositories. For example, `Read` permissions can be set to a specific team within the organization, while `Admin` permissions can be given to all users across all repositories within the organization. | ||
Collectively, these levels of access provide users or robot accounts the ability to perform specific tasks, like pulling images, pushing new versions of an image into the registry, or managing the settings of a repository. These permissions can be delegated across the entire organization and on specific repositories. For example, *Read* permissions can be set to a specific team within the organization, while *Admin* permissions can be given to all users across all repositories within the organization. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters