Harbor2.2 Quick check of user role permissions

System level roles ：

• Harbor System administrator ：“Harbor System administrator ” Have the most permissions . In addition to the above authorities ,“Harbor System administrator ” You can also list all the items 、 Set ordinary users as administrators 、 Delete users and set vulnerability scanning policies for all images . Public projects “ library ” It's also owned by the administrator .
• anonymous ( Non system administrator )： When the user is not logged in , This user is considered “ anonymous ” user . Anonymous users do not have access to private items , And have read-only access to public projects .

Project user role

Harbor
Provides “ project ”（project） The concept of , Each project corresponds to a namespace with the same name as the project （namespace） To preserve Artifact, Each namespace is an independent authorization unit , take Artifact Isolate .

When using Docker Wait for the command line tool to Harbor Push and pull images Artifact when , This namespace is also URI An integral part of . Users need to be aware of Artifact To read and write , First of all, it should be added as a member of the project by the administrator , The specific permissions are determined by the role of the member . Members who join the project can have the following roles .

Harbor Mirror through project management . By including users in the project and assigning them one of the following roles , You can provide users with access to these images .

• Restricted visitors ： Restricted visitors do not have full access to the item . They can pull images but not push , And they don't see logs or other members of the project . for example , You can create restricted visitors for users with shared project access from different organizations .
• visitor ： The guest has read-only access to the specified item . They can pull and relabel images , But you can't push .
• developer ： The developer has access to the project .
• Maintainer ： Defenders have the power to transcend “ developer ” Authority , Including scanning images 、 View copy jobs and delete mirrors and helm charts The ability of .
• Project manager ： When creating a new project , You will be assigned to the project “ProjectAdmin” role .“ProjectAdmin” In addition to read and write permissions , There are also some administrative permissions , Such as adding and deleting members 、 Start vulnerability scanning .

Full details of different role permissions

Users have different abilities , It depends on their role in the project .

In public projects , All users can view the repository list 、 Mirror image 、 Mirror holes 、helm charts and helm charts edition 、 Pull the mirror image 、 Relabel the image （ You need the push permission of the target image ）、 download helm charts、 download helm charts edition .

The system administrator has all the permissions of the project .

Project member permissions

The following table describes the various user permission levels in the project .

* Only Harbor System administrators can edit project quotas and add new scanners .

Reference link ：

https://goharbor.io/docs/2.2.0/administration/managing-users/

Target quotas and add new scanners .

Reference link ：

https://goharbor.io/docs/2.2.0/administration/managing-users/

https://goharbor.io/docs/2.2.0/administration/managing-users/user-permissions-by-role/