ENGDOCS-1275 (#16965)

* ENGDOCS-1275

* tweaks

* Apply suggestions from code review

Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>

---------

Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Allie Sadler 2023-03-27 09:38:01 +01:00 committed by GitHub
parent 3e6a00fdbd
commit 7ecfc99b8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 40 deletions


@ -4,26 +4,20 @@ keywords: image, access, management
title: Image Access Management
---
Image Access Management is a new feature that is a part of the Docker Business subscription. This feature allows Organization owners to control which types of images (Docker Official Images, Docker Verified Publisher Images, Community images) their developers can pull from Docker Hub.
>Note
>
>Image Access Management is available to [Docker Business](../subscription/details.md) customers only.
For example, a developer, who is part of an organization, building a new containerized application could accidentally use an untrusted, community image as a component of their application. This image could be malicious and pose a security risk to the company. Using Image Access Management, the Organization owner could ensure that the developer can only access trusted content like Docker Official Images, Docker Verified Publisher Images, or the Organizations own images, preventing such a risk.
Image Access Management gives administrators control over which types of images, such as Docker Official Images, Docker Verified Publisher Images, or community images, their developers can pull from Docker Hub.
For example, a developer, who is part of an organization, building a new containerized application could accidentally use an untrusted, community image as a component of their application. This image could be malicious and pose a security risk to the company. Using Image Access Management, the organization owner can ensure that the developer can only access trusted content like Docker Official Images, Docker Verified Publisher Images, or the organizations own images, preventing such a risk.
## Configure Image Access Management permissions
The following video walks you through the process of configuring Image Access Management permissions.
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/phFp0iqzwRQ" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
### Detailed instructions
To configure Image Access Management permissions, perform the following steps:
1. Log into your [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} account as an organization administrator.
2. Select an organization, and navigate to the **Settings** tab on the **Organizations** page and click Org Permissions.
![Image Access Management](images/image-access-management.png){:width="700px"}
3. Enable Image Access Management to set the permissions for the following categories of images you can manage:
1. Sign into your [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} account as an organization administrator.
2. Select an organization, and navigate to the **Settings** tab
3. From the **Organizations** page select **Org Permissions**.
4. Enable Image Access Management to set the permissions for the following categories of images you can manage:
- **Organization Images**: When Image Access Management is enabled, images from your organization are always allowed. These images can be public or private created by members within your organization.
- **Docker Official Images**: A curated set of Docker repositories hosted on Hub. They provide OS repositories, best practices for Dockerfiles, drop-in solutions, and applies security updates on time.
- **Docker Verified Publisher Images**: published by Docker partners that are part of the Verified Publisher program and are qualified to be included in the developer secure supply chain. You can set permissions to **Allowed** or **Restricted**.
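Review bot: The rewritten steps 2 and 3 reverse the navigation order. The earlier wording put the **Settings** tab on the **Organizations** page, but the new text sends the reader to the **Settings** tab in step 2 and only names the **Organizations** page in step 3. Reorder the two steps so the page comes before the tab, and end step 2 with a period like the other steps. In the rewritten example paragraph, "the organizations own images" still needs the possessive apostrophe ("the organization's own images"). The availability callout is written as ">Note", while the callout later in the same file uses "> **Note**"; using one form keeps the rendering consistent.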
@ -31,32 +25,14 @@ To configure Image Access Management permissions, perform the following steps:
> **Note**
>
> Image Access Management is set to Disabled by default. However, member(s) of the `owners` Team in your Organization have access to all images regardless of the settings.
> Image Access Management is turned off by default. However, members of the `owners` team in your organization have access to all images regardless of the settings.
4. Select the category restrictions for your images by clicking **Allowed**.
5. Once the restrictions are applied, your members can view the Org permissions page in a read-only format.
## Enforce authentication
To ensure that each org member uses images in a safe and secure environment, you
can perform the following steps below to enforce sign-in under your
organization. To do this:
1. Download the latest version of Docker Desktop, and then
2. Create a `registry.json` file.
Download Docker Desktop 4.0 or a later release.
- [Download and install for Windows](/desktop/install/windows-install)
- [Download and install for Mac](/desktop/install/mac-install/)
- [Download and install for Linux](/desktop/install/linux-install)
{% include configure-registry-json.md %}
5. Select the category restrictions for your images by selecting **Allowed**.
Once the restrictions are applied, your members can view the organization permissions page in a read-only format.
6. Optional: To ensure that each organization member uses images in a safe and secure environment, [enfore sign-in](../docker-hub/configure-sign-in.md).
## Verify the restrictions
To confirm that the restrictions are successful, have each org member pull an image onto their local computer after signing into Docker Desktop. If they are unable to sign in, they will receive an error message.
To confirm that the restrictions are successful, have each organization member pull an image onto their local computer after signing in to Docker Desktop. If they don't sign in, they receive an error message.
For example, if you enable Image Access Management, your members can pull an Organization Image, Docker Official Image, or Verified Publisher Image onto their local machine. If you disable the restrictions, your members can pull any image, including Community Images.
![Image Access Management](images/image-access-management-error.png){:width="700px"}
For example, if you enable Image Access Management, your members can only pull an Organization Image, Docker Official Image, or Verified Publisher Image onto their local machine. If you disable the restrictions, your members can pull any image, including community images.
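Review bot: Step 6 makes sign-in enforcement optional, but the rewritten "Verify the restrictions" paragraph still says "If they don't sign in, they receive an error message", which only holds when sign-in is enforced. Either state in the verification paragraph that the error depends on the enforcement from step 6, or explain in step 6 what happens to the restrictions for a member who pulls without signing in, so administrators do not assume the policy applies to unauthenticated pulls. The link text in step 6 also has a typo: "enfore sign-in" should be "enforce sign-in". The unnumbered sentence "Once the restrictions are applied, ..." after step 5 should be indented under that step so the numbered list does not restart before step 6.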