Update access.md (#22505)

Added Gated Distribution information to docs page.

<!--Delete sections as needed -->

## Description

<!-- Tell us what you did and why -->

## Related issues or tickets

<!-- Related issues, pull requests, or Jira tickets -->

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review

---------

Signed-off-by: Craig <craig.osterhout@docker.com>
Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com>
Co-authored-by: Craig <craig.osterhout@docker.com>

content/manuals/docker-hub/repos/manage/access.md

@@ -132,3 +132,42 @@ To configure team repository permissions:
 Organizations can use OATs. OATs let you assign fine-grained repository access
 permissions to tokens. For more details, see [Organization access
 tokens](/manuals/security/for-admins/access-tokens.md).
+
+## Gated distribution
+
+{{< summary-bar feature_name="Gated distribution" >}}
+
+Gated distribution allows publishers to securely share private container images with external customers or partners, without giving them full organization access or visibility into your teams, collaborators, or other repositories.
+
+This feature is ideal for commercial software publishers who want to control who can pull specific images while preserving a clean separation between internal users and external consumers.
+
+### Key features
+
+- **Private repository distribution**: Content is stored in private repositories and only accessible to explicitly invited users.
+
+- **External access without organization membership**: External users don't need to be added to your internal organization to pull images.
+
+- **Pull-only permissions**: External users receive pull-only access and cannot push or modify repository content.
+
+- **Invite-only access**: Access is granted through authenticated email invites, managed via API.
+
+### Invite distributor members via API
+
+> [!NOTE]
+> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for details about the access permissions for each role.
+
+Distributor members (used for gated distribution) can only be invited using the Docker Hub API. UI-based invitations are not currently supported for this role. To invite distributor members, use the Bulk create invites API endpoint.
+
+To invite distributor members:
+
+1. Use the [Authentication API](https://docs.docker.com/reference/api/hub/latest/#tag/authentication-api/operation/AuthCreateAccessToken) to generate a bearer token for your Docker Hub account.
+
+2. Create a team in the Hub UI or use the [Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/groups/paths/~1v2~1orgs~1%7Borg_name%7D~1groups/post).
+
+3. Grant repository access to the team:
+   - In the Hub UI: Navigate to your repository settings and add the team with "Read-only" permissions
+   - Using the [Repository Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/repositories/paths/~1v2~1repositories~1%7Bnamespace%7D~1%7Brepository%7D~1groups/post): Assign the team to your repositories with "read-only" access level
+
+4. Use the [Bulk create invites endpoint](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1bulk/post) to send email invites with the distributor member role. In the request body, set the "role" field to "distributor_member".
+
+5. The invited user will receive an email with a link to accept the invite. After signing in with their Docker ID, they'll be granted pull-only access to the specified private repository as a distributor member.

data/summary.yaml

@@ -173,6 +173,8 @@ Domain management:
 Enforce sign-in:
   subscription: [Business]
   for: Administrators
+Gated distribution:
+  availability: Early Access
 General admin:
   for: Administrators
 GitHub Actions cache: