User Permissions
Scenario
To manage SWR permissions, you can use Identity and Access Management (IAM). For details about how to set permissions, see Creating a User and Granting SWR Permissions. If you have the SWR Admin or Tenant Administrator permission, you become an admin user of SWR. You can grant permissions to other IAM users in SWR.
An admin user is granted image management permission of all organizations by default, even if the user is not in the authorized user list of the organizations.
If you are not an SWR admin user, you can request an SWR admin user to grant you permissions to read, write, or manage a specific image or images in a specific organization.
Scenarios
- Example 1: An IAM user having the ServiceStage Developer permission (SWR read-only permission) wants to pull the Nginx image created by the SWR administrator in the group organization.
Solution: The SWR administrator grants the read permission on the Nginx image details page to the IAM user and then the image can be pulled.
- Example 2: An SWR administrator wants to grant an external user the permission to push images to the organization, but the user is not allowed to log in to the console and can only push images through the container engine client.
Solution: The SWR administrator grants the edit permission to the user on the Users tab page of the organization details page and sets Access Type to Programmatic access in IAM.
Figure 1 Changing the access type
Authorization Methods
IAM users can be granted permissions in SWR in either of the following ways:
- Grant permissions on a specific image to allow IAM users to read, write, and manage that image.
- Grant permissions on an organization to allow IAM users to read, write, and manage all the images in the organization.
Figure 2 User permissions
You can add the following three types of permissions to users:
- Read: Users can only pull images.
- Write: Users can pull and push images, edit image attributes, and add triggers.
- Manage: Users can pull and push images, delete images or tags, edit image attributes, grant permissions, add triggers, and share images with other users.
To upload images to an organization, you require the write or manage permission for the organization to which images are uploaded. Write and manage permissions added on the image details pages will not be sufficient to upload images.
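The rules above can be checked against a list of grants before they are applied. The following is an added example, not SWR code and not an SWR API client: it models the Read/Write/Manage actions, the admin default, and the organization-level requirement for uploads. The user, organization and image names are constructed, and the rule that the higher of an image-level and an organization-level grant applies is an assumption.

```python
# Added example: local model of the rules on this page, not an SWR API client.
RANK = {"read": 1, "write": 2, "manage": 3}
ALLOWS = {  # actions per permission, as listed above
    "read": {"pull"},
    "write": {"pull", "push", "edit_attributes", "add_trigger"},
    "manage": {"pull", "push", "delete", "edit_attributes",
               "grant", "add_trigger", "share"},
}

# Constructed sample grants (user, organization and image names are made up).
GRANTS = {
    "admins": {"alice"},                  # SWR Admin / Tenant Administrator
    "org": {("group", "bob"): "write"},   # (organization, user) -> permission
    "image": {                            # (organization, image, user) -> permission
        ("group", "nginx", "carol"): "read",
        ("group", "nginx", "dave"): "write",
    },
}

def is_allowed(user, action, org, image, grants=GRANTS):
    """Return True if `user` may perform `action` on org/image."""
    if user in grants["admins"]:
        return True  # admins manage images of every organization by default
    org_perm = grants["org"].get((org, user))
    img_perm = grants["image"].get((org, image, user))
    if action == "push":
        # Uploading needs write/manage on the organization itself;
        # an image-level grant is not sufficient.
        return org_perm in ("write", "manage")
    # Assumption: the higher of the two grants applies for other actions.
    held = [p for p in (org_perm, img_perm) if p]
    best = max(held, key=RANK.get, default=None)
    return best is not None and action in ALLOWS[best]

def push_gaps(grants=GRANTS):
    """Users holding image-level write/manage who still cannot push."""
    gaps = []
    for (org, image, user), perm in grants["image"].items():
        if RANK[perm] >= RANK["write"] and not is_allowed(
                user, "push", org, image, grants):
            gaps.append((user, org, image))
    return sorted(gaps)
```

`push_gaps()` lists image-level grants that look like push access but are not, which is the usual cause of a denied upload for a user who "has write".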
Granting Permissions of a Specific Image
To allow IAM users of your account to read, write, and manage a specific image, add the required permissions to the users on the details page of this image.
- Log in to the SWR console.
- In the navigation pane, choose My Images and click the desired image.
- On the image details page, click the Permissions tab.
- Click Add Permission. On the page displayed, enter an IAM username, and then click Read, Write, or Manage. Click OK to confirm.
Modifying or Deleting Permissions of a Specific Image
You can also modify or delete user permissions on the image details page.
- To modify permissions, click the Permissions tab on the image details page, and click Edit in the row of the desired username. Select a permission in the Permission drop-down list, and click Save in the Operation column.
- To delete permissions, click Delete in the row of the desired username on the Permissions tab page, and then click OK.
Granting Permissions of an Organization
After an IAM user is created, the administrator needs to grant permissions to the user in the organization so that the user can read, edit, and manage images in the organization.
Only accounts and IAM users who have the Manage permission can add permissions for other users.
- Log in to the SWR console.
- In the navigation pane, choose Organizations. Then click View Details in the row of the desired organization.
- On the Users tab page, click Add Permission. In the dialog box displayed, enter an IAM username, select permissions for the user and click OK.
Modifying or Deleting Permissions of an Organization
You can also modify and delete user permissions of an organization.
- To modify permissions, click Edit in the row of the desired username on the Users tab page. Select a permission in the Permission drop-down list, and click Save in the Operation column.
- To delete permissions, click Delete in the row of the desired username on the Users tab page, and then click OK.