1

Do we have any mechanism to allow user's to pull specified images only by using same Azure container registry.

As an example, let's say we have 2 clients (client1@mydomain.com, client2@mydomain.com) and 3 images (image A, Image B, Image C) in the same azure container registry (mydomain.azurecr.io).

  • Scenario

    1. client1@mydomain.com allow to pull image A, Image B, from ACR (mydomain.azurecr.io) and restrict to pull Image C.

    2. client2@mydomain.com to allow Image C from ACR (mydomain.azurecr.io) and restrict to pull image A, Image B.

Please refer the below diagram,

diagram

anXler
  • 175
  • 1
  • 1
  • 12

1 Answers1

1

No, you cannot achieve it in ACR. ACR only support to set permissions in the ACR level, not in the repositories.

Charles Xu
  • 29,862
  • 2
  • 22
  • 39
  • Thanks for the quick response, is there any other workaround for this. – anXler Oct 21 '19 at 07:40
  • @anXler Currently, there are no other ways in only one ACR. You can use different ACRs and set different permissions for the users. – Charles Xu Oct 21 '19 at 07:44
  • Thanks you @Charles Xu, appreciate you're responce – anXler Oct 21 '19 at 08:42
  • I have asked the very same question from Microsoft support and they informed me that, this is still on development process. https://feedback.azure.com/forums/903958-azure-container-registry/suggestions/31655977-configure-permissions-at-a-repository-level – anXler Oct 21 '19 at 09:27
  • 1
    @anXler Yeah, I think it's a necessary feature, a whole permission control only in one level is too simple and crude. – Charles Xu Oct 21 '19 at 09:30