roadmap icon indicating copy to clipboard operation
roadmap copied to clipboard
verified publisher icon docker

[Docker Hub] Enable read access to every repo in organization

Open pkennedyr opened this issue 5 years ago • 10 comments

Tell us about your request Allow all members of an organization to have read access to all repos.

Which service(s) is this request for? Docker Hub

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? When new repositories are added to an organization, the repo permissions must be updated in order to grant teams access to the new repo. Hub users have expressed a desire to automatically allow all members of an organization to automatically have read access to a repo (e.g. a policy that provides everyone in a team with read-only access to all repos).

Are you currently working around the issue? See above (repo permissions must be updated in order to grant individual teams with access to a new repo).

Additional context NA

pkennedyr avatar Mar 30 '20 17:03 pkennedyr

Concur with this request. Individual access controls is powerful but cumbersome to administer for organizations with many repositories. Most of the time having a Team with Read-Only for all repos is good enough granularity.

eacmen avatar Nov 17 '20 14:11 eacmen

This is important for kubernetes to pull image with read-only role for all repos

dogzzdogzz avatar Dec 16 '20 08:12 dogzzdogzz

Is there any update on this issue? We have many repositories and it's burdensome to manage permissions for each individually.

menzenski avatar Jun 22 '21 14:06 menzenski

Wanting this as well.

davidungio avatar Oct 07 '21 00:10 davidungio

+1 - This is important for scaling while managing read-only roles.

neildsimbulan avatar Oct 07 '21 00:10 neildsimbulan

It'd also be helpful to be able to give a non-owner team write access to every repository in an organization. We may want a team to be able to push to any repository (and create new repositories), without also giving them control over billing, or adding/removing new members.

philomory avatar Jan 29 '22 02:01 philomory

It is an impossible task to manage repo's individually for a large organization. And we just bought a business license and enabled SSO...

What would be great is to be able to set global repo permissions at the organization level.

  • Team X has READ on all repos.
  • Team Y has READ/WRITE on all repos.
  • Team devops has READ/WRITE/ADMIN on all repos.

Then at the team level restrict access to specific repos. E.g. Team Y has no WRITE access on repo Z.

TheDukeDK avatar May 03 '22 15:05 TheDukeDK

Lacking this feature has made Team and Business account less attractive compared to the same service from other competitor.

knumchoke avatar Jun 29 '22 03:06 knumchoke

This is direly needed for our organization. We have hundreds of repositories and provision user access automatically via Okta, but still have to manage repository permissions manually. There at least needs be an API endpoint that can update repository permissions so people can script it.

EndymionWight avatar Sep 20 '24 00:09 EndymionWight

Just wanted to follow up and say we have actually dropped our business license for docker hub. This was certainly one of the reasons we never fully leveraged Docker Hub. And was therefor a contributing factor we have moved on.

TheDukeDK avatar Dec 11 '24 15:12 TheDukeDK

this is possible now with OAT to create a token with read-only permission for all organization repos https://docs.docker.com/enterprise/security/access-tokens/

jdomag avatar Nov 27 '25 09:11 jdomag