Core roles
Core roles are Docker's built-in roles with predefined permission sets. This page provides an overview of Docker's core roles and permissions for each role.
What are core roles?
Docker organizations have three core roles:
- Member: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to.
- Editor: Partial administrative access. Editors can create, edit, and delete repositories. They can also manage team permissions for repositories.
- Owner: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features.
A company owner has the same organization management permissions as an organization owner, but there are some content and registry permissions that company owners don't have (for example, repository pull/push). For more information, see Company overview.
Content and registry permissions
These permissions apply organization-wide, including all repositories in your organization's namespace.
| Permission | Member | Editor | Owner |
|---|---|---|---|
| Explore images and extensions | β | β | β |
| Star, favorite, vote, and comment on content | β | β | β |
| Pull images | β | β | β |
| Create and publish an extension | β | β | β |
| Become a Verified, Official, or Open Source publisher | β | β | β |
| Edit and delete publisher repository logos | β | β | β |
| Configure DVP analytics settings | β | β | β |
| Observe content engagement as a publisher | β | β | β |
| Create public and private repositories | β | β | β |
| Disable public repositories | β | β | β |
| Edit and delete repositories | β | β | β |
| Manage tags | β | β | β |
| View repository activity | β | β | β |
| Set up Automated builds | β | β | β |
| Edit build settings | β | β | β |
| View teams | β | β | β |
| Assign team permissions to repositories | β | β | β |
When you add members to teams, you can grant additional repository permissions beyond their organization role:
- Role permissions: Applied organization-wide (member or editor)
- Team permissions: Additional permissions for specific repositories
Organization management permissions
| Permission | Member | Editor | Owner |
|---|---|---|---|
| Create teams | β | β | β |
| Manage teams (including delete) | β | β | β |
| Configure the organization's settings (including linked services) | β | β | β |
| Add organizations to a company | β | β | β |
| Invite members | β | β | β |
| Manage members | β | β | β |
| Manage member roles and permissions | β | β | β |
| View member activity | β | β | β |
| Export and reporting | β | β | β |
| Image Access Management | β | β | β |
| Registry Access Management | β | β | β |
| Namespace access control | β | β | β |
| Set up Single Sign-On (SSO) and SCIM | β | β | β * |
| Require Docker Desktop sign-in | β | β | β * |
| Manage billing information (for example, billing address) | β | β | β |
| Manage payment methods (for example, credit card or invoice) | β | β | β |
| View billing history | β | β | β |
| Manage subscriptions | β | β | β |
| Manage seats | β | β | β |
| Upgrade and downgrade plans | β | β | β |
TipIf you want more granular access control, you can upgrade to a Docker Business plan for custom roles and advanced permissions.
* If not part of a company
Docker Scout permissions
| Permission | Member | Editor | Owner |
|---|---|---|---|
| View and compare analysis results | β | β | β |
| Upload analysis records | β | β | β |
| Activate and deactivate Docker Scout for a repository | β | β | β |
| Create environments | β | β | β |
| Manage registry integrations | β | β | β |
Docker Build Cloud permissions
| Permission | Member | Editor | Owner |
|---|---|---|---|
| Use a cloud builder | β | β | β |
| Create and remove builders | β | β | β |
| Configure builder settings | β | β | β |
| Buy minutes | β | β | β |
| Manage subscription | β | β | β |