Access Control in DTR

Repository Visibility
Managing User Accounts
Organizations and Teams
Repository Permission Levels
Summary
References

In this lesson, we’ll explore how to manage users, organizations, teams, and repository permissions in [Docker Trusted Registry][Docker Trusted Registry]. Leveraging DTR’s integration with [Universal Control Plane][Universal Control Plane], you can secure and streamline image sharing across your organization.

Repository Visibility

DTR repositories can be public or private.

Public: Any user with your DTR URL can pull images without authentication.
Private: Only authenticated users with the right permissions can pull images.

To access private repositories, authenticate with docker login <DTR_URL> using a valid DTR account.

The image shows a user interface for creating a new repository with options to set its visibility as public or private. The title "DTR Security" is displayed at the top.

Managing User Accounts

Every push or pull to DTR requires a user account. You have two options:

UCP Accounts
Users created in [Universal Control Plane] are automatically available in DTR.
DTR Local Accounts
Create users directly in the DTR web UI; they’ll also appear in UCP.

The image shows a "Create User" form for Docker, with fields for username, password, and full name, and an option to designate the user as a Docker Enterprise admin.

Organizations and Teams

To collaborate on repositories, group users into organizations and teams:

Create an Organization
Define Teams within that organization
Add Users to each team

Team membership grants access to all repositories assigned to that team.

Organize users into teams by project or role to maintain consistent permissions and reduce administrative overhead.

The image shows a screenshot of the Docker Trusted Registry interface, focusing on organizations and teams, alongside a diagram illustrating a hierarchical team structure.

Repository Permission Levels

Assign one of three permission levels when granting a team access to a repository:

Permission	Actions Allowed
Read	View repository metadata & pull images
Write	Pull, push, tag, and scan images
Admin	Full control: read/write actions plus manage settings

The image shows a user interface for setting repository permissions, with options for read-only, read-write, and admin access. It also includes a table detailing the operations allowed for each permission level.

Summary

Choose public or private visibility based on your security needs.
Use UCP or DTR to manage user accounts seamlessly.
Leverage organizations and teams to simplify collaboration.
Assign granular permission levels (Read, Write, Admin) to control repository access.

By following these best practices, you’ll ensure secure, efficient access control in Docker Trusted Registry.

References

Watch Video

Docker Trusted Registry Operations

Image Scanning

⌘I

Introduction

Docker Engine

Docker Image Management

Docker Engine Security

Docker Engine Networking

Docker Engine Storage

Docker Compose

Docker Swarm

Kubernetes

Docker Engine Enterprise

Docker Trusted Registry

Disaster Recovery

Access Control in DTR

Repository Visibility

Managing User Accounts

Organizations and Teams

Repository Permission Levels

Summary

References

Watch Video

Introduction

Docker Engine

Docker Image Management

Docker Engine Security

Docker Engine Networking

Docker Engine Storage

Docker Compose

Docker Swarm

Kubernetes

Docker Engine Enterprise

Docker Trusted Registry

Disaster Recovery

​Repository Visibility

​Managing User Accounts

​Organizations and Teams

​Repository Permission Levels

​Summary

​References

Watch Video

Repository Visibility

Managing User Accounts

Organizations and Teams

Repository Permission Levels

Summary

References