From 010096c8979479216fbccd415d9bed892ea2c7f3 Mon Sep 17 00:00:00 2001 From: xaleeks Date: Thu, 29 Aug 2019 18:47:37 +0800 Subject: [PATCH 1/2] changed user_guide.md Signed-off-by: xaleeks --- docs/user_guide.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user_guide.md b/docs/user_guide.md index 840e81ce2..c5d656b15 100644 --- a/docs/user_guide.md +++ b/docs/user_guide.md @@ -37,13 +37,13 @@ This guide walks you through the fundamentals of using Harbor. You'll learn how ![rbac](img/rbac.png) -Harbor manages images through projects. Users can be added into one project as a member with three different roles: +Harbor manages images through projects. Users can be added into one project as a member with one of three different roles: * **Guest**: Guest has read-only privilege for a specified project. * **Developer**: Developer has read and write privileges for a project. * **ProjectAdmin**: When creating a new project, you will be assigned the "ProjectAdmin" role to the project. Besides read-write privileges, the "ProjectAdmin" also has some management privileges, such as adding and removing members, starting a vulnerability scan. -Besides the above three roles, there are two system-wide roles: +Besides the above three roles, there are two system-level roles: * **SysAdmin**: "SysAdmin" has the most privileges. In addition to the privileges mentioned above, "SysAdmin" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator. * **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects. From 20383611f90e5c4e2c635642af6a83a478731f7b Mon Sep 17 00:00:00 2001 From: xaleeks Date: Sat, 31 Aug 2019 01:30:39 +0800 Subject: [PATCH 2/2] added description of master role Signed-off-by: xaleeks --- docs/user_guide.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/user_guide.md b/docs/user_guide.md index c5d656b15..85d72e9bb 100644 --- a/docs/user_guide.md +++ b/docs/user_guide.md @@ -41,6 +41,7 @@ Harbor manages images through projects. Users can be added into one project as a * **Guest**: Guest has read-only privilege for a specified project. * **Developer**: Developer has read and write privileges for a project. +* **Master**: Master has elevated permissions beyond those of 'Developer' including the ability to scan images, view replications jobs, and delete images and helm charts. * **ProjectAdmin**: When creating a new project, you will be assigned the "ProjectAdmin" role to the project. Besides read-write privileges, the "ProjectAdmin" also has some management privileges, such as adding and removing members, starting a vulnerability scan. Besides the above three roles, there are two system-level roles: @@ -48,6 +49,8 @@ Besides the above three roles, there are two system-level roles: * **SysAdmin**: "SysAdmin" has the most privileges. In addition to the privileges mentioned above, "SysAdmin" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator. * **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects. +See detailed permissions matrix listed here: https://github.com/goharbor/harbor/blob/master/docs/permissions.md + ## User account Harbor supports different authentication modes: