harbor/docs/harbor-doc-reorg/administration/managing_users/configure_rbac.md
2019-10-18 15:30:53 +02:00

Harbor Role Based Access Control (RBAC)

Harbor manages images through projects. Users can be added to a project as a member with one of the following roles:

  • Guest: Guest has read-only privilege for a specified project.
  • Developer: Developer has read and write privileges for a project.
  • Master: Master has elevated permissions beyond those of 'Developer', including the ability to scan images, view replication jobs, and delete images and Helm charts.
  • ProjectAdmin: When you create a new project, you are assigned the "ProjectAdmin" role for that project. Besides read-write privileges, the "ProjectAdmin" also has some management privileges, such as adding and removing members and starting a vulnerability scan.

Besides the project-level roles above, there are two system-level roles:

  • SysAdmin: "SysAdmin" has the most privileges. In addition to the privileges mentioned above, "SysAdmin" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator.
  • Anonymous: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.

For full details of the permissions of the different roles, see User Permissions By Role.

Managing users

An administrator can assign the "Administrator" role to one or more ordinary users by selecting their checkboxes and clicking SET AS ADMINISTRATOR. To delete users, select their checkboxes and click DELETE. Deleting users is only supported under database authentication mode.