This document describes the permission levels each RBAC role has within the Portainer application for both Docker Standalone and Docker Swarm environments. Refer to the linked notes for further requirements on each operation.
Role-Based Access Control is only available in Portainer Business Edition.
| Abbreviation | Role name |
|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
Access to these operations can be affected by the Disable the use of Stacks for non-administrators security setting (Docker, Swarm).
These operations are only relevant for Docker Swarm environments.
These operations are only relevant for Docker Standalone environments.
These operations are only relevant for Docker Swarm environments.
These operations are only relevant for Docker Swarm environments.
These operations are only relevant for Docker Standalone environments.
These operations are only relevant for Docker Swarm environments.
Standard / Read only users (and Operators in the case of ownership operations) have permission only if they are given access to the resource. This can be inherited, for example inheriting a service from a stack.
This operation is only relevant for Swarm environments.
This operation can be affected by the following security settings (Docker, Swarm):
Disable privileged mode for non-administrators
Disable the use of host PID 1 for non-administrators
Disable device mappings for non-administrators
Disable container capabilities for non-administrators
Disable bind mounts for non-administrators
This operation can only be performed under the allowed registry.
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
| Operation | EA | OP | HD | ST | RO | Notes |
|---|---|---|---|---|---|---|
EA
Environment Administrator
OP
Operator
HD
Helpdesk
ST
Standard user
RO
Read-only user
View app templates
Deploy app templates
View custom templates
Create custom templates
Deploy custom templates
Edit custom templates
Change custom template ownership
Delete custom template
View stacks
Create a stack
Edit a stack
View stack details
Change stack ownership
Stop a stack
Start a stack
Duplicate a stack
Migrate a stack
Create template from a stack
Update service in stack
Remove service from stack
Delete a stack
View services
Create service
View service details
Edit service
Update service
Roll back service
View service logs
Change service ownership
Delete service
View containers
Create container
Build an image from a container
View container details
Start container
Stop container
Kill container
Restart container
Pause container
Resume container
Edit container
Duplicate container
Recreate container
Container console
Container attach
Join container to network
Remove container from network
View container logs
Change container ownership
Delete container
View images
Pull an image
Push an image
Build an image
Import an image
View image details
Add tag to image
Remove tag from image
Export image
Delete an image
View volumes
Create a volume
View volume details
Browse a volume
Change volume ownership
Delete a volume
View networks
Create a network
View network details
Change network ownership
Delete a network
View events
View configs
Create a config
View config details
Clone a config
Change config ownership
Delete a config
View secrets
Create a secret
View secret details
Change secret ownership
Delete a secret
View host details
View cluster details
Read registry
Browse registry
Update repositories
Delete repositories
