Docker Certified Associate Exam Course

Docker Trusted Registry

Access Control in DTR

In this lesson, we’ll explore how to manage users, organizations, teams, and repository permissions in Docker Trusted Registry (DTR). Leveraging DTR’s integration with Universal Control Plane (UCP), you can secure and streamline image sharing across your organization.

Repository Visibility

DTR repositories can be public or private.

  • Public: Any user with your DTR URL can pull images without authentication.
  • Private: Only authenticated users with the right permissions can pull images.

Note

To access private repositories, authenticate with docker login <DTR_URL> using a valid DTR account.

The image shows a user interface for creating a new repository with options to set its visibility as public or private. The title "DTR Security" is displayed at the top.

Managing User Accounts

Every push or pull to DTR requires a user account. You have two options:

  1. UCP Accounts
    Users created in Universal Control Plane are automatically available in DTR.
  2. DTR Local Accounts
    Create users directly in the DTR web UI; they’ll also appear in UCP.

The image shows a "Create User" form for Docker, with fields for username, password, and full name, and an option to designate the user as a Docker Enterprise admin.

Organizations and Teams

To collaborate on repositories, group users into organizations and teams:

  1. Create an Organization
  2. Define Teams within that organization
  3. Add Users to each team

Team membership grants access to all repositories assigned to that team.

Note

Organize users into teams by project or role to maintain consistent permissions and reduce administrative overhead.

The image shows a screenshot of the Docker Trusted Registry interface, focusing on organizations and teams, alongside a diagram illustrating a hierarchical team structure.

Repository Permission Levels

Assign one of three permission levels when granting a team access to a repository:

| Permission | Actions Allowed |
|------------|-----------------|
| Read | View repository metadata & pull images |
| Write | Pull, push, tag, and scan images |
| Admin | Full control: read/write actions plus manage settings |

The image shows a user interface for setting repository permissions, with options for read-only, read-write, and admin access. It also includes a table detailing the operations allowed for each permission level.
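The visibility, team, and permission rules above can be modeled to answer "who can do what" before you grant access. The following is an added example, not part of the original lesson and not DTR's own code. It assumes the levels are cumulative and that a user in several teams gets the highest level granted; the organization, team, and user names are constructed.

```python
from dataclasses import dataclass, field

# Actions per level, from the permission table. Treating the levels as
# cumulative (Write includes Read) is an assumption of this sketch.
READ = {"view", "pull"}
WRITE = READ | {"push", "tag", "scan"}
ADMIN = WRITE | {"manage_settings"}
LEVELS = {"read": READ, "write": WRITE, "admin": ADMIN}

@dataclass
class Repo:
    name: str
    public: bool = False
    team_access: dict = field(default_factory=dict)  # team name -> level

def allowed_actions(user, repo, teams):
    """Actions `user` (None = unauthenticated) may perform on `repo`."""
    actions = set()
    if repo.public:
        actions |= {"pull"}  # public: pull without authentication
    if user is None:
        return actions
    for team, level in repo.team_access.items():
        if user in teams.get(team, set()):
            actions |= LEVELS[level]  # union: highest level wins (assumption)
    return actions

def audit(repos, teams):
    """Findings worth reviewing: public repos and teams holding Admin."""
    findings = []
    for repo in repos:
        if repo.public:
            findings.append((repo.name, "public: anonymous pull allowed"))
        for team, level in repo.team_access.items():
            if level == "admin":
                members = ", ".join(sorted(teams.get(team, ())))
                findings.append((repo.name, f"admin via team {team}: {members}"))
    return findings

# Constructed sample data: team name -> members, and two repositories.
TEAMS = {"dev": {"alice", "bob"}, "release": {"alice"}, "qa": {"carol"}}
REPOS = [
    Repo("acme/api", team_access={"dev": "write", "qa": "read", "release": "admin"}),
    Repo("acme/base-image", public=True, team_access={"release": "write"}),
]

if __name__ == "__main__":
    for finding in audit(REPOS, TEAMS):
        print(*finding, sep=": ")
```

The audit output is a short review list: each public repository, and each team (with its members) that holds Admin on a repository.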

Summary

  • Choose public or private visibility based on your security needs.
  • Use UCP or DTR to manage user accounts seamlessly.
  • Leverage organizations and teams to simplify collaboration.
  • Assign granular permission levels (Read, Write, Admin) to control repository access.

By following these best practices, you’ll ensure secure, efficient access control in Docker Trusted Registry.

