harbor/docs/permissions.md
Stuart Clements 26905baca2
Doc updates for 1.10 (#10029)
* Updated doc to include Limited Guest

* Added example for limited guest.

* Updated vulnerability scanning docs for 1.10.

* Updated GC docs to reflect new position in UI

* Updated project quota doc to reflect new position in UI

* Added some doc about tag immutability

* Fixed index

* Formatting

* Added new replication endpoints

* Added project quota webhook

* Review comments from Alex

* Clarified Clair requirement for additional scanners

* Some formatting and edits in vulnerability section

* Updated tag retention doc to reflect new UI

* Updated tag immutability to reflect new UI

* New screencaps

* Updated robot accounts doc for new UI and rewrote

* Formatting

* Updated webhooks doc for new UI

* Formatting

* Updated Logs doc for new UI

* Formatting

* New screencaps

* Added tag immutability to permissions document

* Corrected immutability permissions

* Added explanation for project quotas

* Fixed typo

* Linked to new compatibility list document

* Comments from Alex

* Comments from Steven and Wang

* Removed mention of the ellipsis in project menu

* Reverting some screencaps to remove ellipsis

* Reverted log screencaps to remove ellipsis

* Minor rewording

* Fixed caps

* More cap fixing

* Added info about self-registration, rewrote db auth doc

* Attempting to document *.asc key

* Added that negligible vulnerabilities are ignored, rewrote

* Formatting

* Added scanner permissions to table

* Clarified labelling and replication

* Rewrote replication docs

* Formatting

* Typo

* Rearranged content

* Updated ASC key docs

* formatting

* Minor rewording

* Rewrote LDAP section

* minor edits

* Added OIDC groups, rewrote OIDC docs

* formatting

* Mentioned memberof for OIDC.

* Comments from steven

* Added info about insecure registries

* Added tag immutability example

* Removed UAA from install guide

* Cleaned up headers

* More clean up of headers

* Recommended not to use UAA

* Added user-generated CLI secret

* Adding stray screencap
2019-12-12 18:35:30 +01:00

5.3 KiB

Permissions

Users have different abilities depending on the role they in a project.

On public projects all users will be able to see the list of repositories, images, image vulnerabilities, helm charts and helm chart versions, pull images, retag images (need push permission for destination image), download helm charts, download helm chart versions.

System admin have all permissions for the project.

Project members permissions

The following table depicts the various user permission levels in a project.

Action Limited Guest Guest Developer Master Project Admin
See the project configurations
Edit the project configurations
See a list of project members
Create/edit/delete project members
See a list of project logs
See a list of project replications
See a list of project replication jobs
See a list of project labels
Create/edit/delete project labels
See a list of repositories
Create repositories
Edit/delete repositories
See a list of images
Retag image
Pull image
Push image
Scan/delete image
Add scanners to Harbor
Edit scanners in projects
See a list of image vulnerabilities
See image build history
Add/Remove labels of image
See a list of helm charts
Download helm charts
Upload helm charts
Delete helm charts
See a list of helm chart versions
Download helm chart versions
Upload helm chart versions
Delete helm chart versions
Add/Remove labels of helm chart version
See a list of project robots
Create/edit/delete project robots
See configured CVE whitelist
Create/edit/remove CVE whitelist
Enable/disable webhooks
Create/delete tag retention rules
Enable/disable tag retention rules
Create/delete tag immutability rules
Enable/disable tag immutability rules
See project quotas
Edit project quotas *

* Only the Harbor system administrator can edit project quotas and add new scanners.