docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/layouts/shortcodes/admin-image-access.html

28 lines
2.0 KiB
HTML
Raw Blame History

{{ $product_link := "[Docker Hub](https://hub.docker.com)" }}
{{ $iam_navigation := "Select **Organizations**, your organization, **Settings**, and then select **Image Access**." }}
{{ if eq (.Get "product") "admin" }}
{{ $product_link = "the [Admin Console](https://admin.docker.com)" }}
{{ $iam_navigation = "Select your organization in the left navigation drop-down menu, and then select **Image access**." }}
{{ end }}
1. Sign in to {{ $product_link }}.
2. {{ $iam_navigation }}
3. Enable Image Access Management to set the permissions for the following categories of images you can manage:
- **Organization images**: Images from your organization are always allowed by default. These images can be public or private created by members within your organization.
- **Docker Official Images**: A curated set of Docker repositories hosted on Hub. They provide OS repositories, best practices for Dockerfiles, drop-in solutions, and applies security updates on time.
- **Docker Verified Publisher Images**: Images published by Docker partners that are part of the Verified Publisher program and are qualified to be included in the developer secure supply chain.
- **Community images**: These images are disabled by default when Image Access Management is enabled because various users contribute them and they may pose security risks. This category includes Docker-Sponsored Open Source images.
> **Note**
>
> Image Access Management is turned off by default. However, owners in your organization have access to all images regardless of the settings.
4. Select the category restrictions for your images by selecting **Allowed**.
Once the restrictions are applied, your members can view the organization permissions page in a read-only format.
## Verify the restrictions
The new Image Access Management policy takes effect after the developer successfully authenticates to Docker Desktop using their organization credentials. If a developer attempts to pull a disallowed image type using Docker, they receive an error message.
Reference in New Issue View Git Blame Copy Permalink