docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Engdocs 1271 (#16974) 

* repo level access

* align to style guide

* fix links

* fix links

* fix links

* fix links

* Update docker-hub/manage-a-team.md

Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com>

* Update docker-hub/manage-a-team.md

---------

Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com>
This commit is contained in:
Allie Sadler 2023-03-28 10:48:14 +01:00 committed by GitHub
parent b9a03c08b7
commit 99f7e9bd44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 92 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_data/toc.yaml
View File

@ -1863,7 +1863,7 @@ manuals:
- path: /docker-hub/convert-account/
title: Convert an account into an organization
- path: /docker-hub/manage-a-team/
title: Manage a team
title: Create and manage a team
- path: /docker-hub/members/
title: Manage members
- path: /docker-hub/configure-sign-in/

67
docker-hub/manage-a-team.md
View File

@ -1,14 +1,12 @@
---
description: Docker Hub Teams & Organizations
keywords: Docker, docker, registry, teams, organizations, plans, Dockerfile, Docker Hub, docs, documentation
title: Teams and Organizations
title: Create and manage a team
---
## Create a team
A **Team** is a group of Docker users that belong to an organization. An
A team is a group of Docker users that belong to an organization. An
organization can have multiple teams. When you first create an organization,
youll see that you have a team, the **owners** team, with a single member. An
youll see that you have a team, the owners team, with a single member. An
organization owner can then create new teams and add members to an existing team
using their Docker ID or email address and by selecting a team the user should be part of.
@ -16,21 +14,22 @@ The org owner can add additional org owners to the owners team to help them
manage users, teams, and repositories in the organization. See [Owners
team](#the-owners-team) for details.
To create a team:
## Create a team
1. Go to **Organizations** in Docker Hub, and select your organization.
2. Open the **Teams** tab and click **Create Team**.
3. Fill out your team's information and click **Create**.
2. Select the **Teams** tab and then select **Create Team**.
3. Fill out your team's information and select **Create**.
4. [Add members to your team](members.md#add-a-member-to-a-team)
### The owners team
## The owners team
The **owners** team is a special team created by default during the org creation
The owners team is a special team created by default during the org creation
process. The owners team has full access to all repositories in the organization.
An organization owner is an administrator who is responsible to manage
repositories and add team members to the organization. They have full access to
private repositories, all teams, billing information, and org settings. An org
owner can also specify [permissions](../docker-hub/repos/access/index.md#permissions-reference) for each team in
owner can also specify [permissions](#permissions-reference) for each team in
the organization. Only an org owner can enable [SSO](../single-sign-on/index.md)
for
the organization. When SSO is enabled for your organization, the org owner can
@ -40,30 +39,60 @@ enforcement.
The org owner can also add additional org owners to help them manage users, teams, and repositories in the organization.
## Configure repository permissions
## Configure repository permissions for a team
Organization owners can configure repository permissions on a per-team basis.
For example, you can specify that all teams within an organization have Read and
Write access to repositories A and B, whereas only specific teams have Admin
For example, you can specify that all teams within an organization have "Read and
Write" access to repositories A and B, whereas only specific teams have "Admin"
access. Note that org owners have full administrative access to all repositories within the organization.
To give a team access to a repository
1. Navigate to **Organizations** in Docker Hub, and select your organization.
2. Click on the **Teams** tab and select the team that you'd like to configure repository access to.
3. Click on the **Permissions** tab and select a repository from the
2. Select the **Teams** tab and select the team that you'd like to configure repository access to.
3. Select the **Permissions** tab and select a repository from the
**Repository** drop-down.
4. Choose a permission from the **Permissions** drop-down list and click
4. Choose a permission from the **Permissions** dropdown list and select
**Add**.
![Team Repo Permissions](images/team-repo-permission.png){:width="700px"}
### View a team's permissions for all repositories
### Permissions reference
- `Read-only` access lets users view, search, and pull a private repository in the same way as they can a public repository.
- `Read & Write` access lets users pull, push, and view a repository. In addition, it lets users view, cancel, retry or trigger builds
- `Admin` access lets users pull, push, view, edit, and delete a
repository. You can also edit build settings, and update the repositories description, collaborators rights, public/private visibility, and delete.
Permissions are cumulative. For example, if you have "Read & Write" permissions,
you automatically have "Read-only" permissions:
| Action | Read-only | Read & Write | Admin |
|:------------------:|:---------:|:------------:|:-----:|
| Pull a Repository | ✅ | ✅ | ✅ |
| View a Repository | ✅ | ✅ | ✅ |
| Push a Repository | ❌ | ✅ | ✅ |
| Edit a Repository | ❌ | ❌ | ✅ |
| Delete a Repository | ❌ | ❌ | ✅ |
| Update a Repository Description | ❌ | ❌ | ✅ |
| View Builds | ✅ | ✅ | ✅ |
| Cancel Builds | ❌ | ✅ | ✅ |
| Retry Builds | ❌ | ✅ | ✅ |
| Trigger Builds | ❌ | ✅ | ✅ |
| Edit Build Settings | ❌ | ❌ | ✅ |
> **Note**
>
> A user who hasn't verified their email address only has
> `Read-only` access to the repository, regardless of the rights their team
> membership has given them.
## View a team's permissions for all repositories
To view a team's permissions across all repositories:
1. Open **Organizations** > **_Your Organization_** > **Teams** > **_Team Name_**.
2. Click on the **Permissions** tab, where you can view the repositories this team can access.
2. Select the **Permissions** tab, where you can view the repositories this team can access.
## Videos

26
docker-hub/members.md
View File

@ -22,8 +22,8 @@ Use the following steps to invite members to your organization via Docker ID or
5. Select a team from the drop-down list to add all invited users to that team.
> **Note**
>
> It is recommended that you invite non-administrative users to a team other than the owners team. Members in the owners team will have full access to your organizations administrative settings. To create a new team, see [Create a team](../docker-hub/orgs.md/#create-a-team).
6. Click **Invite** to confirm.
> It is recommended that you invite non-administrative users to a team other than the owners team. Members in the owners team will have full access to your organizations administrative settings. To create a new team, see [Create a team](manage-a-team.md).
6. Select **Invite** to confirm.
> **Note**
>
> You can view the pending invitations in the **Members** tab. The invitees receive an email with a link to the organization in Docker Hub where they can accept or decline the invitation.
@ -39,7 +39,7 @@ To invite multiple members to your organization via a CSV file containing email
4. Select a team from the drop-down list to add all invited users to that team.
> **Note**
>
> It is recommended that you invite non-administrative users to a team other than the owners team. Members in the owners team will have full access to your organizations administrative settings. To create a new team, see [Create a team](../docker-hub/orgs.md/#create-a-team).
> It is recommended that you invite non-administrative users to a team other than the owners team. Members in the owners team will have full access to your organizations administrative settings. To create a new team, see [Create a team](manage-a-team.md).
5. Select **Download the template CSV file** to optionally download an example CSV file. The following is an example of the contents of a valid CSV file.
```
email
@ -63,7 +63,7 @@ To invite multiple members to your organization via a CSV file containing email
- **Already invited**: The user has already been sent an invite email and another invite email will not be sent.
- **Member**: The user is already a member of your organization and an invite email will not be sent.
- **Duplicate**: The CSV file has multiple occurrences of the same email address. The user will be sent only one invite email.
9. Click **Send invites**.
9. Select **Send invites**.
> **Note**
>
> You can view the pending invitations in the **Members** tab. The invitees receive an email with a link to the organization in Docker Hub where they can accept or decline the invitation.
@ -75,13 +75,13 @@ Organization owners can add a member to one or more teams within an organization
To add a member to a team:
1. Navigate to **Organizations** in [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"}, and select your organization.
2. In the **Members** tab, click the additional options from the table menu and select **Add to team**.
2. In the **Members** tab, select the additional options from the table menu and select **Add to team**.
> **Note**
>
> You can also navigate to **Organizations** > **Your Organization** > **Teams** > **Your Team Name** and click **Add Member**. Select a member from the drop-down list to add them to the team or search by Docker ID or email.
> You can also navigate to **Organizations** > **Your Organization** > **Teams** > **Your Team Name** and select **Add Member**. Select a member from the drop-down list to add them to the team or search by Docker ID or email.
3. Select the team and click **Add**.
3. Select the team and then select **Add**.
> **Note**
>
@ -93,7 +93,7 @@ To resend an invitation if the invite is pending or declined:
1. Navigate to **Organizations** in [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} and select your organization.
2. In the **Members** tab, locate the invitee and select **Resend invitation** from the table menu.
3. Click **Invite** to confirm.
3. Select **Invite** to confirm.
## Remove members
@ -101,20 +101,20 @@ To remove a member from an organization:
1. Navigate to **Organizations** in [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"}, and select your organization.
2. In the **Members** tab, select Remove member from the table menu.
3. When prompted, click **Remove** to confirm.
3. When prompted, select **Remove** to confirm.
To remove an invitee from an organization:
1. Navigate to **Organizations** in [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"}, and select your organization.
2. In the **Members** tab, locate the invitee you would like to remove and select **Remove invitee** from the table menu.
3. When prompted, click **Remove** to confirm.
3. When prompted, select **Remove** to confirm.
To remove a member from a specific team:
1. Navigate to **Organizations** in [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"}, and select your organization.
2. Click on the **Teams** tab and select the team from the list.
3. Click the **X** next to the users name to remove them from the team.
4. When prompted, click **Remove** to confirm.
2. Select on the **Teams** tab and select the team from the list.
3. Select the **X** next to the users name to remove them from the team.
4. When prompted, select **Remove** to confirm.
## Export members

2
docker-hub/onboard-business.md
View File

@ -58,7 +58,7 @@ Configure security settings and manage your repositories:
- Create [repositories](../docker-hub/repos/index.md) to share container images.
- [Move images](../docker-hub/repos/index.md/#move-images-between-repositories) from your personal account to your organization.
- Create [teams](../docker-hub/orgs.md/#create-a-team) and configure [repository permissions](../docker-hub/orgs.md/#configure-repository-permissions).
- Create [teams](manage-a-team.md) and configure [repository permissions](manage-a-team.md#configure-repository-permissions-for-a-team).
- Configure [Hardened Docker Desktop](../desktop/hardened-desktop/index.md) to improve your organizations security posture for containerized development. Hardened Docker Desktop includes:
- [Settings Management](../desktop/hardened-desktop/settings-management/index.md), which helps you to confidently manage and control the usage of Docker Desktop within your organization.
- [Enhanced Container Isolation](../desktop/hardened-desktop/enhanced-container-isolation/index.md), a setting that instantly enhances security by preventing containers from running as root in Docker Desktops Linux VM.

2
docker-hub/onboard-team.md
View File

@ -50,7 +50,7 @@ Create and manage your repositories:
- Create [repositories](../docker-hub/repos/index.md) to share container images.
- [Consolidate a repository](../docker-hub/repos/index.md/#move-images-between-repositories) from your personal account to your organization.
- Create [teams](../docker-hub/orgs.md/#create-a-team) and configure [repository permissions](../docker-hub/orgs.md/#configure-repository-permissions).
- Create [teams](manage-a-team.md#create-a-team) and configure [repository permissions](manage-a-team.md#configure-repository-permissions-for-a-team).
Your Docker Team subscription provides many more additional features. [Learn more](../subscription/index.md).

8
docker-hub/onboarding-faqs.md
View File

@ -39,14 +39,14 @@ The organization name, sometimes referred to as the organization namespace or th
### Whats a team?
A **Team** is a group of Docker users that belong to an organization. An organization can have multiple teams. When you first create an organization, youll see that you have a team, the owners team, with a single member. An organization owner can then create new teams and add members to an existing team using Docker IDs or email address and by selecting a team the user should be part of. [Learn more](orgs.md#create-a-team).
A **Team** is a group of Docker users that belong to an organization. An organization can have multiple teams. When you first create an organization, youll see that you have a team, the owners team, with a single member. An organization owner can then create new teams and add members to an existing team using Docker IDs or email address and by selecting a team the user should be part of. [Learn more](manage-a-team.md).
### Who is an organization owner?
An organization owner is an administrator who is responsible to manage
repositories and add team members to the organization. They have full access to
private repositories, all teams, billing information, and organization settings.
An organization owner can also specify [permissions](orgs.md#configure-repository-permissions) for each team in the
An organization owner can also specify [permissions](manage-a-team.md#configure-repository-permissions-for-a-team) for each team in the
organization. Only an organization owner can enable SSO for the organization.
When SSO is enabled for your organization, the organization owner can also
manage users.
@ -62,7 +62,7 @@ An existing owner can add additional team members as organization owners. All
they need to do is select the organization from the
[Organizations](https://hub.docker.com/orgs){: target="_blank" rel="noopener"
class="_"} page in Docker Hub, add the Docker ID/Email of the user, and then
select the **Owners** team from the drop-down menu. [Learn more](orgs.md#the-owners-team).
select the **Owners** team from the drop-down menu. [Learn more](manage-a-team.md#the-owners-team).
### Do users first need to authenticate with Docker before an owner can add them to an organization?
@ -127,7 +127,7 @@ Yes. You can configure repository access on a per-team basis. For example, you
can specify that all teams within an organization have **Read and Write** access
to repositories A and B, whereas only specific teams have **Admin** access. Org
owners have full administrative access to all repositories within the
organization. [Learn more](orgs.md#configure-repository-permissions).
organization. [Learn more](manage-a-team.md#configure-repository-permissions-for-a-team).
### Can I configure multiple SSO identity providers (IdPs) to authenticate users to a single org?

111
docker-hub/orgs.md
View File

@ -6,21 +6,17 @@ redirect_from:
- /docker-cloud/orgs/
---
Docker Hub organizations let you create teams so you can give your team access
to shared image repositories.
An **Organization** is a collection of teams and repositories
that can be managed together. A **Team** is a group of Docker members that belong to an organization.
An organization in Docker Hub is a collection of teams and repositories
that can be managed together. A team is a group of Docker members that belong to an organization.
An organization can have multiple teams.
Docker users become members of an organization
when they are assigned to at least one team in the organization. When you first
create an organization, youll see that you have a team, the **owners** (Admins)
team, with a single member. An organization owner is someone that is part of the
create an organization, you have one team, the "owners" team, that has a single member. An organization owner is someone that is part of the
owners team. They can create new teams and add
members to an existing team using their Docker ID or email address and by
selecting a team the user should be part of. An org owner can also add
additional org owners to help them manage users, teams, and repositories in the
selecting a team the user should be part of. An organization owner can also add
additional owners to help them manage users, teams, and repositories in the
organization.
## Create an organization
@ -36,12 +32,12 @@ To create an organization:
1. Sign into [Docker Hub](https://hub.docker.com/){: target="_blank"
rel="noopener" class="_"} using your [Docker ID](../docker-id/index.md) or your email address.
2. Select **Organizations**. Click **Create Organization** to create a new organization.
2. Select **Organizations** and then **Create Organization** to create a new organization.
3. Choose a plan for your organization. See [Docker Pricing](https://www.docker.com/pricing/){: target="_blank" rel="noopener"
class="_" id="dkr_docs_subscription_btl"} for details on the features offered
in the Team and Business plan.
4. Enter a name for your organization. This is the official, unique name for
your organization in Docker Hub. Note that it is not possible to change the name
your organization in Docker Hub. It is not possible to change the name
of the organization after you've created it.
> **Note**
@ -51,21 +47,19 @@ of the organization after you've created it.
5. Enter the name of your company. This is the full name of your company.
This info is displayed on your organization page, and in the details of any
public images you publish. You can update the company name anytime by navigating
to your organization's **Settings** page. Click **Continue to Org size**.
6. On the Organization Size page, specify the number of users (seats) you'd
require and click **Continue to payment**.
to your organization's **Settings** page.
6. Select **Continue to Org size** and then specify the number of users (seats) you'd
require.
7. Select **Continue to payment** and follow the onscreen instructions.
You've now created an organization. Select the newly created organization from
the Organizations page. You'll now see that you have a team, the **owners** team
with a single member (you).
You've now created an organization with one team, the owners team, with you as the single member.
### View an organization
## View an organization
To view an organization:
1. Log into Docker Hub with a user account that is a member of any team in the
organization. You must be part of the **owners** team to access the
organization's **Settings** page.
1. Sign in to Docker Hub with a user account that is a member of any team in the
organization.
> **Note**
>
@ -77,21 +71,19 @@ To view an organization:
> conversion or another account that was added as a member. If you
> don't see the organization after logging in,
> then you are neither a member or an owner of it. An organization
> administrator will need to add you as a member of the organization.
> administrator needs to add you as a member of the organization.
2. Click **Organizations** in the top navigation bar, then choose your
2. Select **Organizations** in the top navigation bar, then choose your
organization from the list.
![View organization details](images/view-org.png){:width="700px"}
The Organization landing page displays various options that allow you to
The organization landing page displays various options that allow you to
configure your organization.
- **Members**: Displays a list of team members. You
can invite new members using the **Invite members** button. See [Manage members](../docker-hub/members.md) for details.
- **Teams**: Displays a list of existing teams and the number of
members in each team. See [Create a team](#create-a-team) for details.
members in each team. See [Create a team](manage-a-team.md) for details.
- **Repositories**: Displays a list of repositories associated with the
organization. See [Repositories](../docker-hub/repos/index.md) for detailed information about
@ -106,74 +98,13 @@ configure your organization.
organization, and allows you to view and change your repository privacy
settings, configure org permissions such as
[Image Access Management](image-access-management.md), configure notification settings, and [deactivate](deactivate-account.md#deactivate-an-organization) your
organization. You can also update your organization name and company name that appear on your organization landing page.
organization. You can also update your organization name and company name that appear on your organization landing page. You must be part of the owners team to access the
organization's **Settings** page.
- **Billing**: Displays information about your existing
[Docker subscription (plan)](../subscription/index.md) and your billing history.
You can also access your invoices from this tab.
## Create a team
A **Team** is a group of Docker users that belong to an organization. An
organization can have multiple teams. When you first create an organization,
youll see that you have a team, the **owners** team, with a single member. An
organization owner can then create new teams and add members to an existing team
using their Docker ID or email address and by selecting a team the user should be part of.
The org owner can add additional org owners to the owners team to help them
manage users, teams, and repositories in the organization. See [Owners
team](#the-owners-team) for details.
To create a team:
1. Go to **Organizations** in Docker Hub, and select your organization.
2. Open the **Teams** tab and click **Create Team**.
3. Fill out your team's information and click **Create**.
### The owners team
The **owners** team is a special team created by default during the org creation
process. The owners team has full access to all repositories in the organization.
An organization owner is an administrator who is responsible to manage
repositories and add team members to the organization. They have full access to
private repositories, all teams, billing information, and org settings. An org
owner can also specify [permissions](../docker-hub/repos/access/index.md#permissions-reference) for each team in
the organization. Only an org owner can enable [SSO](../single-sign-on/index.md)
for
the organization. When SSO is enabled for your organization, the org owner can
also manage users. Docker can auto-provision Docker IDs for new end-users or
users who'd like to have a separate Docker ID for company use through SSO
enforcement.
The org owner can also add additional org owners to help them manage users, teams, and repositories in the organization.
## Configure repository permissions
Organization owners can configure repository permissions on a per-team basis.
For example, you can specify that all teams within an organization have Read and
Write access to repositories A and B, whereas only specific teams have Admin
access. Note that org owners have full administrative access to all repositories within the organization.
To give a team access to a repository
1. Navigate to **Organizations** in Docker Hub, and select your organization.
2. Click on the **Teams** tab and select the team that you'd like to configure repository access to.
3. Click on the **Permissions** tab and select a repository from the
**Repository** drop-down.
4. Choose a permission from the **Permissions** drop-down list and click
**Add**.
![Team repository permissions view](images/team-repo-permission.png){:width="700px"}
### View a team's permissions for all repositories
To view a team's permissions across all repositories:
1. Open **Organizations** > **_Your Organization_** > **Teams** > **_Team Name_**.
2. Click on the **Permissions** tab, where you can view the repositories this team can access.
## Videos
You can also check out the following videos for information about creating Teams

16
docker-hub/repos/access/index.md
View File

@ -23,22 +23,6 @@ You can also assign more granular collaborator rights ("Read", "Write", or
"Admin") on Docker Hub by using organizations and teams. For more information
see the [organizations documentation](../../../docker-hub/orgs.md#create-an-organization).
### Permissions reference
Permissions are cumulative. For example, if you have Read & Write permissions,
you automatically have Read-only permissions:
- `Read-only` access lets users view, search, and pull a private repository in the same way as they can a public repository.
- `Read & Write` access lets users pull, push, and view a repository. In addition, it lets users view, cancel, retry or trigger builds
- `Admin` access lets users pull, push, view, edit, and delete a
repository. You can also edit build settings, and update the repositories description, collaborators rights, public/private visibility, and delete.
> **Note**
>
> A user who hasn't verified their email address only has
> `Read-only` access to the repository, regardless of the rights their team
> membership has given them.
## View repository tags
You can view the available tags and the size of the associated image. Go to the **Repositories** view and select a repository to see its tags. To view individual tags, select the **Tags** tab.

2
docker-hub/repos/create.md
View File

@ -21,7 +21,7 @@ command.
When creating a new repository:
- You can choose to locate it under your own user account, or under any
[organization](../../docker-hub/orgs.md) where you are an [owner](../../docker-hub/orgs.md#the-owners-team).
[organization](../../docker-hub/orgs.md) where you are an [owner](../manage-a-team.md#the-owners-team).
- The repository name needs to:
- Be unique
- Have between 2 and 255 characters

4
docker-hub/service-accounts.md
View File

@ -41,9 +41,9 @@ Refer to the following table for details on the Enhanced Service Account add-on
To create a new service account for your Team account:
1. Create a new Docker ID.
2. Create a [team](orgs.md#create-a-team) in your organization and grant it read-only access to your private repositories.
2. Create a [team](manage-a-team.md) in your organization and grant it read-only access to your private repositories.
3. Add the new Docker ID to your [organization](orgs.md).
4. Add the new Docker ID to the [team](orgs.md#create-a-team) you created earlier.
4. Add the new Docker ID to the [team](manage-a-team.md) you created earlier.
5. Create a new [personal access token (PAT)](/access-tokens.md) from the user account and use it for CI.
> **Note**