Updated on 2025-06-30 GMT+08:00

Granting Permissions for Images

Scenarios

To manage SWR permissions, you can use Identity and Access Management (IAM). For details, see Creating a User and Granting Permissions. If you have the SWR Admin or Tenant Administrator permissions, you become an admin user of SWR and can grant permissions to other IAM users in SWR. To push an image, you must have the edit or manage permission. To pull a private image, you must have the read, edit, or manage permission. To pull a public image, no permission is required.

An admin user is granted image management permission of all organizations by default, even if the user is not in the authorized user list of any organization.

If you are not an SWR admin user, you can request an SWR admin user to grant you permissions to read, edit, or manage a specific image or images in a specific organization.

Examples

  • Example 1: An IAM user with the ServiceStage Developer permission (SWR read-only permission) wants to pull the nginx image created by the SWR administrator in the group organization.

    Solution: On the details page of the nginx image, the SWR administrator grants the read permission to the IAM user.

  • Example 2: An SWR administrator wants to grant an external user the permission to push images to the organization, but the user is not allowed to log in to the console and can only push images through the container engine client.

    Solution: On the Users tab of the details page of the organization, the SWR administrator grants the edit permission to the user. In IAM, the administrator sets Access Type to Programmatic access.

    Figure 1 Changing the access type

Authorization Methods

In SWR, you can grant permissions to IAM users in either of the following ways:

You can add the following three types of permissions to users:

  • Read: Users can only pull images.
  • Edit: Users can pull and push images, edit images, and add triggers.
  • Manage: Users can pull and push images, delete images or tags, edit images, grant permissions, add triggers, and share images with other users.

To upload images to an organization on the SWR console, users need to have permission to edit or manage the organization. The edit and manage permissions granted on image details pages are not sufficient enough to upload images.

Granting Permissions for a Specific Image

To allow IAM users of your account to read, edit, and manage a specific image, grant the required permissions to the users on the details page of this image.

  1. Log in to the SWR console.
  2. In the navigation pane, choose My Images. Then click the name of the target image.
  3. On the image details page, click the Permissions tab.

  4. Click Grant Permission. In the displayed dialog box, enter an IAM username, and then select Read, Edit, or Manage. Click OK.

Modifying or Deleting Permissions for a Specific Image

You can modify or delete user permissions on the details page of an image.

  • To modify permissions, click the Permissions tab on the details page of an image. Locate a user and click Edit in the Operation column. Select a permission in the Permission drop-down list and click Save.

  • To delete permissions, click the Permissions tab on the details page of an image. Locate a user and click Delete in the Operation column. Click OK.

Granting Permissions for an Organization

After an IAM user is created, the administrator needs to grant this user the permissions for an organization so that this user can read, edit, and manage images in the organization.

Only accounts and IAM users who have the Manage permission can grant permissions to other users.

  1. Log in to the SWR console.
  2. In the navigation pane, choose Organizations. Locate the target organization and click its name.
  3. On the Users tab, click Grant Permission. In the displayed dialog box, enter an IAM username, and then select a permission for the user. Click OK.

Modifying or Deleting Permissions for an Organization

You can modify or delete user permissions for an organization.

  • To modify permissions, on the Users tab, locate a user and click Edit in the Operation column. Select a permission in the Permission drop-down list and click Save.

  • To delete permissions, on the Users tab, locate a user and click Delete in the Operation column. Click OK.