Updated on 2024-06-19 GMT+08:00

User Permissions

Scenario

To manage SWR permissions, you can use Identity and Access Management (IAM). For details about how to set permissions, see Creating a User and Granting SWR Permissions. If you have the SWR Admin or Tenant Administrator permission, you become an admin user of SWR. You can grant permissions to other IAM users in SWR.

An admin user is granted image management permission of all organizations by default, even if the user is not in the authorized user list of the organizations.

If you are not an SWR admin user, you can request an SWR admin user to grant you permissions to read, write, or manage a specific image or images in a specific organization.

Scenarios

  • Example 1: An IAM user having the ServiceStage Developer permission (SWR read-only permission) wants to pull the Nginx image created by the SWR administrator in the group organization.

    Solution: The SWR administrator grants the read permission on the Nginx image details page to the IAM user and then the image can be pulled.

  • Example 2: An SWR administrator wants to grant an external user the permission to push images to the organization, but the user is not allowed to log in to the console and can only push images through the container engine client.

    Solution: The SWR administrator grants the edit permission to the user on the Users tab page of the organization details page and set Access Type to Programmatic access in IAM.

    Figure 1 Changing the access type

Authorization Methods

IAM users in SWR can have permissions by using either of the following methods:

You can add the following three types of permissions to users:

  • Read: Users can only pull images.
  • Write: Users can pull and push images, edit image attributes, and add triggers.
  • Manage: Users can pull and push images, delete images or tags, edit image attributes, grant permissions, add triggers, and share images with other users.

To upload images to an organization, you require the write or manage permission for the organization to which images are uploaded. Write and manage permissions added on the image details pages will not be sufficient to upload images.

Granting Permissions of a Specific Image

To allow IAM users of your account to read, write, and manage a specific image, add the required permissions to the users on the details page of this image.

  1. Log in to the SWR console.
  2. In the navigation pane, choose My Images and click the desired image.
  3. On the image details page, click the Permissions tab.

  4. Click Add Permission. On the page displayed, enter an IAM username, and then click Read, Write, or Manage. Click OK to confirm.

Modifying or Deleting Permissions of a Specific Image

You can also modify or delete user permissions on the image details page.

  • To modify permissions, click the Permissions tab on the image details page, and click Edit in the row of the desired username. Select a permission in the Permission drop-down list, and click Save in the Operation column.

  • To delete permissions, click Delete in the row of the desired username on the Permissions tab page, and then click OK.

Granting Permissions of an Organization

After an IAM user is created, the administrator needs to grant permissions to the user in the organization so that the user can read, edit, and manage images in the organization.

Only accounts and IAM users who have the Manage permission can add permissions for other users.

  1. Log in to the SWR console.
  2. In the navigation pane, choose Organizations. Then click View Details in the row of the desired organization.
  3. On the Users tab page, click Add Permission. In the dialog box displayed, enter an IAM username, select permissions for the user and click OK.

Modifying or Deleting Permissions of an Organization

You can also modify and delete user permissions of an organization.

  • To modify permissions, click Edit in the row of the desired username on the Users tab page. Select a permission in the Permission drop-down list, and click Save in the Operation column.

  • To delete permissions, click Delete in the row of the desired username on the Users tab page, and then click OK.