Docker roles and permissions

This document describes the permission levels each RBAC role has within the Portainer application for both Docker Standalone and Docker Swarm environments. Refer to the linked notes for further requirements on each operation.
Role-Based Access Control is only available in Portainer Business Edition.
Legend
Abbreviation
Role name
EA
Environment Administrator
OP
Operator
HD
Helpdesk
ST
Standard user
RO
Read-only user
Roles and permissions
Templates
Operation
EA
OP
HD
ST
RO
Notes
View app templates
​
Deploy app templates
​
View custom templates
​1​
Create custom templates
​
Deploy custom templates
​1​
Edit custom templates
​1​
Change custom template ownership
​1​
Delete custom template
​1​
Stacks
Access to these operations can be affected by the Disable the use of Stacks for non-administrators security setting (Docker, Swarm).
Operation
EA
OP
HD
ST
RO
Notes
View stacks
​1​
Create a stack
​3​
Edit a stack
​1​
View stack details
​1​
Change stack ownership
​1​
Stop a stack
​1​
Start a stack
​1​
Duplicate a stack
​1​
Migrate a stack
​1​
Create template from a stack
​1​
Update service in stack
​1, 2​
Remove service from stack
​1, 2​
Delete a stack
​1​
Services
These operations are only relevant for Docker Swarm environments.
Operation
EA
OP
HD
ST
RO
Notes
View services
​1​
Create service
​3.5​
View service details
​1​
Edit service
​1, 3.5​
Update service
​1​
Roll back service
​1​
View service logs
​1​
Change service ownership
​1​
Delete service
​1​
Containers
Operation
EA
OP
HD
ST
RO
Notes
View containers
​1​
Create container
​3​
Build an image from a container
​1​
View container details
​1​
Start container
​1​
Stop container
​1​
Kill container
​1​
Restart container
​1​
Pause container
​1​
Resume container
​1​
Edit container
​1, 3​
Duplicate container
​1, 3​
Recreate container
​1, 3​
Container console
​1​
Container attach
​1​
Join container to network
​1​
Remove container from network
​1​
View container logs
​1​
Change container ownership
​1​
Delete container
​1​
Images
Operation
EA
OP
HD
ST
RO
Notes
View images
​
Pull an image
​
Push an image
​
Build an image
​
Import an image
​
View image details
​
Add tag to image
​
Remove tag from image
​
Export image
​
Delete an image
​
Volumes
Operation
EA
OP
HD
ST
RO
Notes
View volumes
​1​
Create a volume
​
View volume details
​1​
Browse a volume
​1, 4​
Change volume ownership
​1​
Delete a volume
​1​
Networks
Operation
EA
OP
HD
ST
RO
Notes
View networks
​1​
Create a network
​
View network details
​1​
Change network ownership
​1​
Delete a network
​1​
Events
These operations are only relevant for Docker Standalone environments.
Operation
EA
OP
HD
ST
RO
Notes
View events
​
Configs
These operations are only relevant for Docker Swarm environments.
Operation
EA
OP
HD
ST
RO
Notes
View configs
​1​
Create a config
​
View config details
​1​
Clone a config
​1​
Change config ownership
​1​
Delete a config
​1​
Secrets
These operations are only relevant for Docker Swarm environments.
Operation
EA
OP
HD
ST
RO
Notes
View secrets
​1​
Create a secret
​
View secret details
​1​
Change secret ownership
​1​
Delete a secret
​1​
Host
These operations are only relevant for Docker Standalone environments.
Operation
EA
OP
HD
ST
RO
Notes
View host details
​
Swarm
These operations are only relevant for Docker Swarm environments.

Abbreviation	Role name
EA	Environment Administrator
OP	Operator
HD	Helpdesk
ST	Standard user
RO	Read-only user

Operation	EA	OP	HD	ST	RO	Notes
View app templates
Deploy app templates
View custom templates						1
Create custom templates
Deploy custom templates						1
Edit custom templates						1
Change custom template ownership						1
Delete custom template						1

Operation	EA	OP	HD	ST	RO	Notes
View stacks						1
Create a stack						3
Edit a stack						1
View stack details						1
Change stack ownership						1
Stop a stack						1
Start a stack						1
Duplicate a stack						1
Migrate a stack						1
Create template from a stack						1
Update service in stack						1, 2
Remove service from stack						1, 2
Delete a stack						1

Operation	EA	OP	HD	ST	RO	Notes
View services						1
Create service						3.5
View service details						1
Edit service						1, 3.5
Update service						1
Roll back service						1
View service logs						1
Change service ownership						1
Delete service						1

Operation	EA	OP	HD	ST	RO	Notes
View containers						1
Create container						3
Build an image from a container						1
View container details						1
Start container						1
Stop container						1
Kill container						1
Restart container						1
Pause container						1
Resume container						1
Edit container						1, 3
Duplicate container						1, 3
Recreate container						1, 3
Container console						1
Container attach						1
Join container to network						1
Remove container from network						1
View container logs						1
Change container ownership						1
Delete container						1

Operation	EA	OP	HD	ST	RO	Notes
View images
Pull an image
Push an image
Build an image
Import an image
View image details
Add tag to image
Remove tag from image
Export image
Delete an image

Operation	EA	OP	HD	ST	RO	Notes
View volumes						1
Create a volume
View volume details						1
Browse a volume						1, 4
Change volume ownership						1
Delete a volume						1

Operation	EA	OP	HD	ST	RO	Notes
View networks						1
Create a network
View network details						1
Change network ownership						1
Delete a network						1

Operation	EA	OP	HD	ST	RO	Notes
View configs						1
Create a config
View config details						1
Clone a config						1
Change config ownership						1
Delete a config						1

Operation	EA	OP	HD	ST	RO	Notes
View secrets						1
Create a secret
View secret details						1
Change secret ownership						1
Delete a secret						1