diff --git a/docs/user_guide.md b/docs/user_guide.md index 840e81ce2..85d72e9bb 100644 --- a/docs/user_guide.md +++ b/docs/user_guide.md @@ -37,17 +37,20 @@ This guide walks you through the fundamentals of using Harbor. You'll learn how ![rbac](img/rbac.png) -Harbor manages images through projects. Users can be added into one project as a member with three different roles: +Harbor manages images through projects. Users can be added into one project as a member with one of three different roles: * **Guest**: Guest has read-only privilege for a specified project. * **Developer**: Developer has read and write privileges for a project. +* **Master**: Master has elevated permissions beyond those of 'Developer' including the ability to scan images, view replications jobs, and delete images and helm charts. * **ProjectAdmin**: When creating a new project, you will be assigned the "ProjectAdmin" role to the project. Besides read-write privileges, the "ProjectAdmin" also has some management privileges, such as adding and removing members, starting a vulnerability scan. -Besides the above three roles, there are two system-wide roles: +Besides the above three roles, there are two system-level roles: * **SysAdmin**: "SysAdmin" has the most privileges. In addition to the privileges mentioned above, "SysAdmin" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator. * **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects. +See detailed permissions matrix listed here: https://github.com/goharbor/harbor/blob/master/docs/permissions.md + ## User account Harbor supports different authentication modes: