articles/container-registry/container-registry-repository-scoped-permissions.md
8 additions & 5 deletions
@@ -2,7 +2,7 @@
2
2
title: Permissions to repositories in Azure Container Registry
3
3
description: Create a token with permissions scoped to specific repositories in a registry to pull or push images, or perform other actions
4
4
ms.topic: article
5
-
ms.date: 02/13/2020
5
+
ms.date: 05/22/2020
6
6
---
7
7
8
8
# Create a token with repository-scoped permissions
@@ -15,12 +15,13 @@ Scenarios for creating a token include:
15
15
* Provide an external organization with permissions to a specific repository
16
16
* Limit repository access to different user groups in your organization. For example, provide write and read access to developers who build images that target specific repositories, and read access to teams that deploy from those repositories.
17
17
18
+
This feature is available in **Premium** container registries. For information about registry service tiers and limits, see [Azure Container Registry service tiers](container-registry-skus.md).
19
+
18
20
> [!IMPORTANT]
19
21
> This feature is currently in preview, and some [limitations apply](#preview-limitations). Previews are made available to you on the condition that you agree to the [supplemental terms of use][terms-of-use]. Some aspects of this feature may change prior to general availability (GA).
20
22
21
23
## Preview limitations
22
24
23
-
* This feature is available in **Premium** container registries. For information about registry service tiers and limits, see [Azure Container Registry service tiers](container-registry-skus.md).
24
25
* You can't currently assign repository-scoped permissions to an Azure Active Directory identity, such as a service principal or managed identity.
25
26
* You can't create a scope map in a registry enabled for [anonymous pull access](container-registry-faq.md#how-do-i-enable-anonymous-pull-access).
26
27
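Review bot: with the Premium-tier bullet removed from "Preview limitations" (old line 23) and moved up to new line 18, a reader who follows the `[limitations apply](#preview-limitations)` link in the IMPORTANT note lands on a list that no longer mentions the tier requirement. If the move is meant to mark Premium as a standing requirement rather than a preview restriction, say so in the moved sentence (for example "available only in"), or leave a one-line pointer in the limitations list so the requirement is visible from both entry points.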
@@ -145,13 +146,15 @@ The following example creates a token, and creates a scope map with the followin
145
146
146
147
1. In the portal, navigate to your container registry.
147
148
1. Under **Repository permissions**, select **Tokens (Preview) > +Add**.
148
-

149
+
150
+
:::image type="content" source="media/container-registry-repository-scoped-permissions/portal-token-add.png" alt-text="Create token in portal":::
149
151
1. Enter a token name.
150
152
1. Under **Scope map**, select **Create new**.
151
153
1. Configure the scope map:
152
154
1. Enter a name and description for the scope map.
153
155
1. Under **Repositories**, enter `samples/hello-world`, and under **Permissions**, select `content/read` and `content/write`. Then select **+Add**.
154
-

156
+
157
+
:::image type="content" source="media/container-registry-repository-scoped-permissions/portal-scope-map-add.png" alt-text="Create scope map in portal":::
155
158
156
159
1. After adding repositories and permissions, select **Add** to add the scope map.
157
160
1. Accept the default token **Status** of **Enabled** and then select **Create**.
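Review bot: the two `:::image` lines at new lines 150 and 157 sit between steps of a numbered list in which every item is written `1.`, so if an image line is not indented under its step the renderer ends the list and the following steps restart at 1. Check the preview build for both images and indent them to the step's content column if the numbering breaks. The alt-text values ("Create token in portal", "Create scope map in portal") only repeat the action; naming the blade and the control the step refers to would serve screen-reader users better.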
@@ -168,7 +171,7 @@ To use a token created in the portal, you must generate a password. You can gene
168
171
1. In the password screen, optionally set an expiration date for the password, and select **Generate**. It's recommended to set an expiration date.
169
172
1. After generating a password, copy and save it to a safe location. You can't retrieve a generated password after closing the screen, but you can generate a new one.
170
173
171
-

174
+
:::image type="content" source="media/container-registry-repository-scoped-permissions/portal-token-password.png" alt-text="Create token password in portal":::
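Review bot: the image added at new line 174 is a capture of the password screen, placed right after the step that tells readers to copy the generated password because it can't be retrieved later. Before merging, confirm that `portal-token-password.png` shows no usable credential: the password fields should be redacted, or the token in the capture should already be deleted or have its passwords regenerated. A published screenshot with a live token password would grant whatever the token's scope map allows.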