Roles and permissions
Table of contents
Roles control what users can do in your organization. When you invite users, you assign them a role that determines their permissions for repositories, teams, and organization settings.
This page provides an overview of Docker roles and permissions for each role.
Organization roles
Docker organizations have three main roles:
- Member: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to.
- Editor: Partial administrative access. Editors can create, edit, and delete repositories. They can also manage team permissions for repositories.
- Owner: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features.
Permissions by role
NoteAn owner role assigned at the company level has the same access as an owner role assigned at the organization level. For more information, see Company overview.
Content and registry permissions
These permissions apply organization-wide, including all repositories in your organization's namespace.
| Permission | Member | Editor | Owner |
|---|---|---|---|
| Explore images and extensions | β | β | β |
| Star, favorite, vote, and comment on content | β | β | β |
| Pull images | β | β | β |
| Create and publish an extension | β | β | β |
| Become a Verified, Official, or Open Source publisher | β | β | β |
| Observe content engagement as a publisher | β | β | β |
| Create public and private repositories | β | β | β |
| Edit and delete repositories | β | β | β |
| Manage tags | β | β | β |
| View repository activity | β | β | β |
| Set up Automated builds | β | β | β |
| Edit build settings | β | β | β |
| View teams | β | β | β |
| Assign team permissions to repositories | β | β | β |
When you add members to teams, you can grant additional repository permissions beyond their organization role:
- Role permissions: Applied organization-wide (member or editor)
- Team permissions: Additional permissions for specific repositories
Organization management permissions
| Permission | Member | Editor | Owner |
|---|---|---|---|
| Create teams | β | β | β |
| Manage teams (including delete) | β | β | β |
| Configure the organization's settings (including linked services) | β | β | β |
| Add organizations to a company | β | β | β |
| Invite members | β | β | β |
| Manage members | β | β | β |
| Manage member roles and permissions | β | β | β |
| View member activity | β | β | β |
| Export and reporting | β | β | β |
| Image Access Management | β | β | β |
| Registry Access Management | β | β | β |
| Set up Single Sign-On (SSO) and SCIM | β | β | β * |
| Require Docker Desktop sign-in | β | β | β * |
| Manage billing information (for example, billing address) | β | β | β |
| Manage payment methods (for example, credit card or invoice) | β | β | β |
| View billing history | β | β | β |
| Manage subscriptions | β | β | β |
| Manage seats | β | β | β |
| Upgrade and downgrade plans | β | β | β |
* If not part of a company
Docker Scout permissions
| Permission | Member | Editor | Owner |
|---|---|---|---|
| View and compare analysis results | β | β | β |
| Upload analysis records | β | β | β |
| Activate and deactivate Docker Scout for a repository | β | β | β |
| Create environments | β | β | β |
| Manage registry integrations | β | β | β |
Docker Build Cloud permissions
| Permission | Member | Editor | Owner |
|---|---|---|---|
| Use a cloud builder | β | β | β |
| Create and remove builders | β | β | β |
| Configure builder settings | β | β | β |
| Buy minutes | β | β | β |
| Manage subscription | β | β | β |