Docker roles and permissions
This document describes the permission levels each role has within the Portainer application for both Docker Standalone and Docker Swarm environments. Refer to the linked notes for further requirements on each operation.
EA: Environment Administrator
OP: Operator
HD: Helpdesk
ST: Standard user
RO: Read-only user
View app templates
Deploy app templates
View custom templates
Create custom templates
Deploy custom templates
Edit custom templates
Change custom template ownership
Delete custom template
View stacks
Create a stack
Edit a stack
View stack details
Change stack ownership
Stop a stack
Start a stack
Duplicate a stack
Migrate a stack
Create template from a stack
Update service in stack
Remove service from stack
Delete a stack
These operations are only relevant for Docker Swarm environments.
View services
Create service
View service details
Edit service
Update service
Roll back service
View service logs
Change service ownership
Delete service
View containers
Create container
Build an image from a container
View container details
Start container
Stop container
Kill container
Restart container
Pause container
Resume container
Edit container
Duplicate container
Recreate container
Container console
Container attach
Join container to network
Remove container from network
View container logs
Change container ownership
Delete container
View images
Pull an image
Push an image
Build an image
Import an image
View image details
Add tag to image
Remove tag from image
Export image
Delete an image
View volumes
Create a volume
View volume details
Browse a volume
Change volume ownership
Delete a volume
View networks
Create a network
View network details
Change network ownership
Delete a network
These operations are only relevant for Docker Standalone environments.
View events
These operations are only relevant for Docker Swarm environments.
View configs
Create a config
View config details
Clone a config
Change config ownership
Delete a config
These operations are only relevant for Docker Swarm environments.
View secrets
Create a secret
View secret details
Change secret ownership
Delete a secret
These operations are only relevant for Docker Standalone environments.
View host details
These operations are only relevant for Docker Swarm environments.
View cluster details
Read registry
Browse registry
Update repositories
Delete repositories
Standard / Read-only users (and Operators in the case of ownership operations) have permission only if they are given access to the resource. This access can be inherited; for example, a service inherits access from its stack.
This operation is only relevant for Swarm environments.
This operation can be affected by the following security settings:
Disable privileged mode for non-administrators
Disable the use of host PID 1 for non-administrators
Disable device mappings for non-administrators
Disable container capabilities for non-administrators
Disable bind mounts for non-administrators
This operation can only be performed under the allowed registry.
Access to these operations can be affected by the Disable the use of Stacks for non-administrators security setting.
This operation can be affected by the Enable volume management for non-administrators setting, and requires the use of the Portainer Agent.