Docker roles and permissions

This document describes the permission levels each RBAC role has within the Portainer application for both Docker Standalone and Docker Swarm environments. Refer to the linked notes for further requirements on each operation.

Role-Based Access Control is only available in Portainer Business Edition.

Legend

Roles and permissions

Templates

Stacks

Access to these operations can be affected by the "Disable the use of Stacks for non-administrators" security setting (Docker, Swarm).

Services

These operations are only relevant for Docker Swarm environments.

Containers

Images

Volumes

Networks

Events

These operations are only relevant for Docker Standalone environments.

Configs

These operations are only relevant for Docker Swarm environments.

Secrets

These operations are only relevant for Docker Swarm environments.

Host

These operations are only relevant for Docker Standalone environments.

Swarm

These operations are only relevant for Docker Swarm environments.

Registries

Notes

  1. Standard / Read only users (and Operators in the case of ownership operations) have permission only if they are given access to the resource. This can be inherited, for example inheriting a service from a stack.

  2. This operation is only relevant for Swarm environments.

  3. This operation can be affected by the following security settings (Docker, Swarm):

    1. Disable privileged mode for non-administrators

    2. Disable the use of host PID 1 for non-administrators

    3. Disable device mappings for non-administrators

    4. Disable container capabilities for non-administrators

    5. Disable bind mounts for non-administrators

  4. This operation can be affected by the "Enable volume management for non-administrators" setting (Docker, Swarm), and requires the use of the Portainer Agent.

  5. This operation can only be performed under the allowed registry.
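
An added example, not taken from the Portainer documentation or code base: a pre-flight check over a Docker Engine API container-create body that reports which of the five security settings listed in note 3 the request would touch. The mapping from each setting to `HostConfig` fields is an assumption of this example, and the sample request bodies are constructed.

```python
# Setting names come from note 3. The Docker Engine API fields each one is
# matched against are this example's assumption, not Portainer's own logic.
def restricted_features(create_body: dict) -> list:
    """Return the note-3 settings a container-create request would touch."""
    host = create_body.get("HostConfig") or {}
    hits = []
    if host.get("Privileged"):
        hits.append("Disable privileged mode for non-administrators")
    if host.get("PidMode") == "host":
        hits.append("Disable the use of host PID 1 for non-administrators")
    if host.get("Devices"):
        hits.append("Disable device mappings for non-administrators")
    if host.get("CapAdd") or host.get("CapDrop"):
        hits.append("Disable container capabilities for non-administrators")
    # "Binds" entries are "source:target[:opts]". An absolute-path source is a
    # host bind mount; any other source is a named volume and is not flagged.
    binds = [b for b in host.get("Binds") or []
             if b.split(":", 1)[0].startswith("/")]
    # "Mounts" entries carry an explicit Type.
    mounts = [m for m in host.get("Mounts") or [] if m.get("Type") == "bind"]
    if binds or mounts:
        hits.append("Disable bind mounts for non-administrators")
    return hits


# Constructed request bodies, not captured from a real environment.
SAMPLE_RISKY = {
    "Image": "example/app:1.0",
    "HostConfig": {
        "Privileged": True,
        "PidMode": "host",
        "Devices": [{"PathOnHost": "/dev/fuse",
                     "PathInContainer": "/dev/fuse",
                     "CgroupPermissions": "rwm"}],
        "CapAdd": ["NET_ADMIN"],
        "Binds": ["/var/log:/logs:ro", "appdata:/data"],
    },
}
SAMPLE_PLAIN = {
    "Image": "example/app:1.0",
    "HostConfig": {
        "Binds": ["appdata:/data"],
        "Mounts": [{"Type": "volume", "Source": "cache", "Target": "/cache"}],
    },
}

if __name__ == "__main__":
    for name, body in (("risky", SAMPLE_RISKY), ("plain", SAMPLE_PLAIN)):
        print(name, restricted_features(body))
```
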