Update access.md (#22505)

Added Gated Distribution information to docs page.

<!--Delete sections as needed -->

## Description

<!-- Tell us what you did and why -->

## Related issues or tickets

<!-- Related issues, pull requests, or Jira tickets -->

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review

---------

Signed-off-by: Craig <craig.osterhout@docker.com>
Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com>
Co-authored-by: Craig <craig.osterhout@docker.com>
sheltongraves 2025-05-14 13:26:38 -04:00 committed by GitHub
parent 2b68133dc9
commit fd2f88e908
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 41 additions and 0 deletions


@ -132,3 +132,42 @@ To configure team repository permissions:
Organizations can use OATs. OATs let you assign fine-grained repository access
permissions to tokens. For more details, see [Organization access
tokens](/manuals/security/for-admins/access-tokens.md).
## Gated distribution
{{< summary-bar feature_name="Gated distribution" >}}
Gated distribution allows publishers to securely share private container images with external customers or partners, without giving them full organization access or visibility into your teams, collaborators, or other repositories.
This feature is ideal for commercial software publishers who want to control who can pull specific images while preserving a clean separation between internal users and external consumers.
### Key features
- **Private repository distribution**: Content is stored in private repositories and only accessible to explicitly invited users.
- **External access without organization membership**: External users don't need to be added to your internal organization to pull images.
- **Pull-only permissions**: External users receive pull-only access and cannot push or modify repository content.
- **Invite-only access**: Access is granted through authenticated email invites, managed via API.
### Invite distributor members via API
> [!NOTE]
> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for details about the access permissions for each role.
Distributor members (used for gated distribution) can only be invited using the Docker Hub API. UI-based invitations are not currently supported for this role. To invite distributor members, use the Bulk create invites API endpoint.
To invite distributor members:
1. Use the [Authentication API](https://docs.docker.com/reference/api/hub/latest/#tag/authentication-api/operation/AuthCreateAccessToken) to generate a bearer token for your Docker Hub account.
2. Create a team in the Hub UI or use the [Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/groups/paths/~1v2~1orgs~1%7Borg_name%7D~1groups/post).
3. Grant repository access to the team:
- In the Hub UI: Navigate to your repository settings and add the team with "Read-only" permissions
- Using the [Repository Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/repositories/paths/~1v2~1repositories~1%7Bnamespace%7D~1%7Brepository%7D~1groups/post): Assign the team to your repositories with "read-only" access level
4. Use the [Bulk create invites endpoint](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1bulk/post) to send email invites with the distributor member role. In the request body, set the "role" field to "distributor_member".
5. The invited user will receive an email with a link to accept the invite. After signing in with their Docker ID, they'll be granted pull-only access to the specified private repository as a distributor member.
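Review bot: Step 4 never says how the invite is tied to the team created in step 2 and granted access in step 3, so a reader following the list can send a `distributor_member` invite that carries no repository access at all. State which field of the Bulk create invites request body names the team, next to the existing sentence about the "role" field. Step 1 should also say which organization role the account behind the bearer token needs in order to send these invites, since the paragraph just above recommends OATs for fine-grained access and the steps do not say whether an OAT is accepted here. The NOTE sends readers to roles-and-permissions.md for each role's permissions, but this commit changes only two files and that page is not one of them; confirm the distributor member role is described there or adjust the note. Finally, pick one term: the key features say "pull-only" while step 3 says "Read-only" and "read-only", and the docs should make clear these are the same access level.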


@ -173,6 +173,8 @@ Domain management:
Enforce sign-in:
subscription: [Business]
for: Administrators
Gated distribution:
availability: Early Access
General admin:
for: Administrators
GitHub Actions cache:
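Review bot: The new `Gated distribution` entry sets only `availability: Early Access`, while neighbouring entries such as `Enforce sign-in` also carry `subscription:` and `for:`. The access.md text describes this as something publishers manage by sending invites through the API, so add a `for:` value matching who can do that, and a `subscription:` value if the feature is limited to particular plans; otherwise the summary bar tells readers nothing about who can use it.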