Correct permissions to be able to push docker images?

Just looking for some clarification on this subject. I created a role for users who can “push” images into the docker registry. From reading the documentation it sounded like giving them “nx-repository-view-docker-*-add” permission would be sufficient… With this permission I ended up getting “unauthorized: access to the requested resource is not authorized” errors when trying to push.

After some experimentation it appears that “nx-repository-view-docker-*-edit” is the correct permission to grant to be able to push images. Documentation states that “edit” - “This action allows privileges to modify associated scripts, repository content, and repository administration.” The “repository administration” part of that makes me feel like this may not be the correct permission level…

So I’m just looking for some advice on whether this is correct or not, and wanted to make sure the user can’t do more than I intend…


The “add” vs. “edit” distinction in privileges was designed for the REST API. Edit allows HTTP PUT requests, while add allows for POST (and a few other things):

This distinction doesn’t make a lot of sense for repositories, and we are considering simplifying it:
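
An added illustration, not part of the thread and not the product's own code: it walks the requests a `docker push` makes under the Docker Registry HTTP API v2 and reports which ones a role's privileges would refuse. POST→add and PUT→edit come from the reply above; the other method rows, the glob matching of `*`, and the repository name `docker-hosted` are assumptions.

```python
from fnmatch import fnmatchcase

# HTTP method -> privilege action. POST->add and PUT->edit are stated in the
# reply above; the HEAD/GET, PATCH and DELETE rows are assumptions.
METHOD_ACTION = {
    "GET": "read", "HEAD": "read",
    "POST": "add", "PATCH": "add",
    "PUT": "edit", "DELETE": "delete",
}

# Requests a client sends during `docker push` (Docker Registry HTTP API v2).
PUSH_FLOW = [
    ("HEAD", "/v2/<name>/blobs/<digest>"),                        # layer already present?
    ("POST", "/v2/<name>/blobs/uploads/"),                        # open an upload session
    ("PATCH", "/v2/<name>/blobs/uploads/<uuid>"),                 # send layer data
    ("PUT", "/v2/<name>/blobs/uploads/<uuid>?digest=<digest>"),   # commit the layer
    ("PUT", "/v2/<name>/manifests/<tag>"),                        # publish the manifest
]


def required_privilege(method, repo, fmt="docker"):
    """Name of the repository-view privilege a request needs."""
    return f"nx-repository-view-{fmt}-{repo}-{METHOD_ACTION[method]}"


def is_granted(granted, needed):
    """True if any granted privilege covers `needed`.

    Assumption: a '*' in a granted privilege name is treated as a glob.
    """
    return any(fnmatchcase(needed, g) for g in granted)


def check_push(granted, repo):
    """Return (method, path, missing privilege) for each refused push request."""
    denied = []
    for method, path in PUSH_FLOW:
        needed = required_privilege(method, repo)
        if not is_granted(granted, needed):
            denied.append((method, path, needed))
    return denied


if __name__ == "__main__":
    role = ["nx-repository-view-docker-*-add"]  # constructed sample role
    for method, path, needed in check_push(role, "docker-hosted"):
        print(f"{method:5} {path}  -> needs {needed}")
```

An empty result means every request in the push flow is covered, so the role can be trimmed to exactly the privileges the flow touches rather than a broader wildcard.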