Custom roles - Docker

Custom roles allow you to create tailored permission sets that match your organization's specific needs. This page covers custom roles and steps to create and manage them.

What are custom roles?

Custom roles let you create tailored permission sets for your organization. You can assign custom roles to individual users or teams. Users and teams get either a core role or custom role, but not both.

Use custom roles when Docker's core roles don't fit your needs.

Prerequisites

To configure custom roles, you need owner permissions in your Docker organization.

Create a custom role

Before you can assign a custom role to users, you must create one in the Admin Console:

Sign in to Docker Home.
Select Admin Console.
Under User management, select Roles > Create role.
Create a name and describe what the role is for:
- Provide a Label
- Enter a unique Name identifier (can't be changed later)
- Add an optional Description
Set permissions for the role by expanding permission categories and selecting the checkboxes for permissions. For a full list of available permissions, see the custom roles permissions reference.
Select Review to review your custom roles configuration and see a summary of selected permissions.
Select Create.

With a custom role created, you can now assign custom roles to users.

Edit a custom role

Sign in to Docker Home.
Select Admin Console.
Under User management, select Roles.
Find your custom role from the list, and select the Actions menu.
Select Edit.
You can edit the following custom role settings:
- Label
- Description
- Permissions
After you have finished editing, select Save.

Assign custom roles

Sign in to Docker Home.
Select Members.
Locate the member you want to assign a custom role to, then select the Actions menu.
In the drop-down, select Change role.
In the Select a role drop-down, select your custom role.
Select Save.

Sign in to Docker Home.
Select Members.
Use the checkboxes in the username column to select all users you want to assign a custom role to.
Select Change role.
In the Select a role drop-down, select your custom role or a core role.
Select Save.

Sign in to Docker Home.
Select Teams.
Locate the team you want to assign a custom role to, then select the Actions menu.
Select Assign role.
Select your custom role, then select Assign.

The role column will update to the newly assigned role.

View role assignments

To see which users and teams are assigned to roles:

Sign in to Docker Home.
Select Admin Console.
Under User management, select Roles.
In the roles list, view the Users and Teams columns to see assignment counts.
Select a specific role to view its permissions and assignments in detail.

Reassign custom roles

Sign in to Docker Home.
Select Members.
Locate the member you want to reassign, then select the Actions menu.
Select Change role.
In the Select a role drop-down, select the new role.
Select Save.

Sign in to Docker Home.
Select Members.
Use the checkboxes in the username column to select all users you want to reassign.
Select Change role.
In the Select a role drop-down, select the new role.
Select Save.

Sign in to Docker Home.
Select Teams.
Locate the team, then select the Actions menu.
Select Change role.
In the pop-up window, select a role from the drop-down menu, then select Save.

Delete a custom role

Before deleting a custom role, you must reassign all users and teams to different roles.

Sign in to Docker Home.
Select Admin Console.
Under User management, select Roles.
Find your custom role from the list, and select the Actions menu.
If the role has assigned users or teams:
- Navigate to the Members page and change the role for all users assigned to this custom role
- Navigate to the Teams page and reassign all teams that have this custom role
Once no users or teams are assigned, return to Roles.
Find your custom role and select the Actions menu.
Select Delete.
In the confirmation window, select Delete to confirm.

Custom roles permissions reference

Custom roles are built by selecting specific permissions across different categories. The following tables list all available permissions you can assign to a custom role.

Organization management

Permission	Description
View teams	View teams and team members
Manage teams	Create, update, and delete teams and team members
Manage registry access	Control which registries members can access
Manage image access	Set policies for which images members can pull and use
Update organization information	Update organization information such as name and location
Member management	Manage organization members, invites, and roles
View custom roles	View existing custom roles and their permissions
Manage custom roles	Full access to custom role management and assignment
Manage organization access tokens	Create, update, and delete repositories in this org. Push/pull or registry actions not included
View activity logs	Access organization audit logs and activity history
View domains	View domains and domain audit settings
Manage domains	Manage verified domains and domain audit settings
View SSO and SCIM	View single sign-on and user provisioning configurations
Manage SSO and SCIM	Full access to SSO and SCIM management
Manage Desktop settings	Configure Docker Desktop settings policies and view usage reports

Docker Hub

Permission	Description
View repositories	View repository details and contents
Manage repositories	Create, update, and delete repositories and their contents

Billing

Permission	Description
View billing	View organization billing information
Manage billing	Complete access to managing organization billing