Oracle Cloud Infrastructure Documentation

Policies to Control Repository Access

You have fine-grained control over the operations that users are allowed to perform on repositories in Oracle Cloud Infrastructure Registry.

A user's permissions to access repositories come from the groups to which they belong. The permissions for a group are defined by identity policies, which specify the actions that members of the group can perform. Users access repositories and perform operations based on the policies set for the groups they are members of. Identity policies to control repository access must be set at the tenancy level. See Details for Registry.

Before you can control access to repositories, you must have already created users and already placed them in appropriate groups (see Managing Users and Managing Groups). You can then create policies and policy statements to control repository access (see Managing Policies).

Note that users in the tenancy's Administrators group can perform any operation on any repository in Oracle Cloud Infrastructure Registry that belongs to the tenancy.

Common Policies

Note

The policies in this section use example group names, as follows:

  • acme-viewers: A group that you want to limit to seeing a list of repositories in the tenancy.
  • acme-pullers: A group that you want to limit to pulling images.
  • acme-pushers: A group that you want to allow to push and pull images.
  • acme-managers: A group that you want to allow to push and pull images, delete repositories, and edit repository metadata (for example, to make a private repository public).

Make sure to replace the example group names with your own group names.

 

Enable users to view a list of all the repositories belonging to the tenancy
Enable users to pull images from any repository belonging to the tenancy
Enable users to pull images from specific repositories
Enable users to push images to any repositories (and create new repositories if necessary)
Enable managers to perform any operation on any repository belonging to the tenancy
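
The scenarios listed above correspond to the cumulative IAM policy verbs (inspect, read, use, manage) applied to the `repos` resource type. The statements below are an added illustration, not text from this page: the repository name prefix `acme-web-app` is a constructed sample value, and lines beginning with `#` are annotations rather than policy syntax.

```text
# Added illustration. Lines starting with # are annotations only; enter each
# "Allow ..." line as its own statement in a policy created at the tenancy level.

# acme-viewers: list the repositories in the tenancy, nothing more.
Allow group acme-viewers to inspect repos in tenancy

# acme-pullers: pull images from any repository in the tenancy.
Allow group acme-pullers to read repos in tenancy

# acme-pullers, narrower alternative (use instead of the statement above):
# pull only from repositories whose name starts with the constructed
# sample prefix "acme-web-app".
Allow group acme-pullers to read repos in tenancy where target.repo.name = /acme-web-app*/

# acme-pushers: push and pull images. "use" covers pushing to existing
# repositories; the second statement adds only the permission needed to
# create a repository, without granting delete or other manage permissions.
Allow group acme-pushers to use repos in tenancy
Allow group acme-pushers to manage repos in tenancy where request.permission = 'REPOSITORY_CREATE'

# acme-managers: push, pull, delete repositories, and edit repository
# metadata (for example, making a private repository public).
Allow group acme-managers to manage repos in tenancy
```

Granting each group the lowest verb that covers its task keeps delete and visibility changes confined to acme-managers.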