Granting Permissions for Images
Scenarios
To manage SWR permissions, you can use Identity and Access Management (IAM). For details, see Creating a User and Granting Permissions. If you have the SWR Admin or Tenant Administrator permissions, you become an admin user of SWR and can grant permissions to other IAM users in SWR. To push an image, you must have the edit or manage permission. To pull a private image, you must have the read, edit, or manage permission. To pull a public image, no permission is required.

An admin user is granted image management permission of all organizations by default, even if the user is not in the authorized user list of any organization.
If you are not an SWR admin user, you can request an SWR admin user to grant you permissions to read, edit, or manage a specific image or images in a specific organization.
Examples
- Example 1: An IAM user with the ServiceStage Developer permission (SWR read-only permission) wants to pull the nginx image created by the SWR administrator in the group organization.
Solution: On the details page of the nginx image, the SWR administrator grants the read permission to the IAM user.
- Example 2: An SWR administrator wants to grant an external user the permission to push images to the organization, but the user is not allowed to log in to the console and can only push images through the container engine client.
Solution: On the Users tab of the details page of the organization, the SWR administrator grants the edit permission to the user. In IAM, the administrator sets Access Type to Programmatic access.
Figure 1 Changing the access type
Authorization Methods
In SWR, you can grant permissions to IAM users in either of the following ways:
- Grant permissions for a specific image to allow IAM users to read, edit, and manage the image.
- Grant permissions for an organization to allow IAM users to read, edit, and manage all the images in the organization.
Figure 2 User permissions
You can add the following three types of permissions to users:
- Read: Users can only pull images.
- Edit: Users can pull and push images, edit images, and add triggers.
- Manage: Users can pull and push images, delete images or tags, edit images, grant permissions, add triggers, and share images with other users.

To upload images to an organization on the SWR console, users need to have permission to edit or manage the organization. The edit and manage permissions granted on image details pages are not sufficient enough to upload images.
Granting Permissions for a Specific Image
To allow IAM users of your account to read, edit, and manage a specific image, grant the required permissions to the users on the details page of this image.
- Log in to the SWR console.
- In the navigation pane, choose My Images. Then click the name of the target image.
- On the image details page, click the Permissions tab.
- Click Grant Permission. In the displayed dialog box, enter an IAM username, and then select Read, Edit, or Manage. Click OK.
Modifying or Deleting Permissions for a Specific Image
You can modify or delete user permissions on the details page of an image.
- To modify permissions, click the Permissions tab on the details page of an image. Locate a user and click Edit in the Operation column. Select a permission in the Permission drop-down list and click Save.
- To delete permissions, click the Permissions tab on the details page of an image. Locate a user and click Delete in the Operation column. Click OK.
Granting Permissions for an Organization
After an IAM user is created, the administrator needs to grant this user the permissions for an organization so that this user can read, edit, and manage images in the organization.
Only accounts and IAM users who have the Manage permission can grant permissions to other users.
- Log in to the SWR console.
- In the navigation pane, choose Organizations. Locate the target organization and click its name.
- On the Users tab, click Grant Permission. In the displayed dialog box, enter an IAM username, and then select a permission for the user. Click OK.
Modifying or Deleting Permissions for an Organization
You can modify or delete user permissions for an organization.
- To modify permissions, on the Users tab, locate a user and click Edit in the Operation column. Select a permission in the Permission drop-down list and click Save.
- To delete permissions, on the Users tab, locate a user and click Delete in the Operation column. Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot