feedback

Author: sarahsanders-docker

content/manuals/enterprise/security/roles-and-permissions/_index.md

@@ -5,8 +5,8 @@ description: Control access to content, registry, and organization management wi
 keywords: roles, permissions, custom roles, core roles, access control, organization management, docker hub, admin console, security
 tags: [admin]
 aliases:
- - /admin/organization/roles/
- - /security/for-admins/roles-and-permissions/
+  - /admin/organization/roles/
+  - /security/for-admins/roles-and-permissions/
 grid:
   - title: "Core roles"
     description: Learn about Docker's built-in Member, Editor, and Owner roles with predefined permissions.
@@ -34,9 +34,9 @@ Docker provides two types of roles to meet different organizational needs:
 
 Core roles are Docker's built-in roles with predefined permission sets:
 
-- Member: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to.
-- Editor: Partial administrative access. Editors can create, edit, and delete repositories, and manage team permissions for repositories.
-- Owner: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features.
+- **Member**: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to.
+- **Editor**: Partial administrative access. Editors can create, edit, and delete repositories, and manage team permissions for repositories.
+- **Owner**: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features.
 
 ### Custom roles
 
@@ -52,6 +52,7 @@ Use core roles when:
 - Your access control needs are standard and don't require fine-grained permissions
 
 Use custom roles when:
+
 - You need specific permission combinations not available in core roles
 - You want to create specialized roles like billing administrators, security auditors, or repository managers
 - You need department-specific access control
@@ -61,13 +62,13 @@ Use custom roles when:
 
 Users and teams can be assigned either a core role or a custom role, but not both. However, roles work in combination with team permissions:
 
-1. Role permissions: Applied organization-wide (core or custom role)
-2. Team permissions: Additional permissions for specific repositories when users are added to teams
+1. **Role permissions**: Applied organization-wide (core or custom role). Custom roles can grant permissions to both organization-wide settings and repository access.
+2. **Team permissions**: Additional repository-specific permissions when users are added to teams. This is a separate permission system from role-based permissions.
 
 This layered approach gives you flexibility to provide broad organizational access through roles and specific repository access through team memberships.
 
 ## Next steps
 
 Choose the role type that best fits your organization's needs:
 
-{{< grid >}}
+{{< grid >}}

content/manuals/enterprise/security/roles-and-permissions/core-roles.md

@@ -3,50 +3,48 @@ title: Core roles
 description: Control access to content, registry, and organization management with roles in your organization.
 keywords: members, teams, organization, company, roles, access, docker hub, admin console, security, permissions
 aliases:
-- /docker-hub/roles-and-permissions/
-- /security/for-admins/roles-and-permissions/
-- /enterprise/security/roles-and-permissions/
+  - /docker-hub/roles-and-permissions/
+  - /security/for-admins/roles-and-permissions/
+  - /enterprise/security/roles-and-permissions/
 ---
 
 {{< summary-bar feature_name="General admin" >}}
 
 Core roles are Docker's built-in roles with predefined permission sets.
-This page provides an overview of Docker's core and permissions for each role.
+This page provides an overview of Docker's core roles and permissions for each role.
 
 ## What are core roles?
 
 Docker organizations have three core roles:
 
-- Member: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to.
-- Editor: Partial administrative access. Editors can create, edit, and delete repositories. They can also manage team permissions for repositories.
-- Owner: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features.
-
-## Permissions by role
+- **Member**: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to.
+- **Editor**: Partial administrative access. Editors can create, edit, and delete repositories. They can also manage team permissions for repositories.
+- **Owner**: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features.
 
 > [!NOTE]
 >
-> An owner role assigned at the company level has the same access as an owner role assigned at the organization level. For more information, see [Company overview](/admin/company/).
+> A company owner has the same organization management permissions as an organization owner, but there are some content and registry permissions that company owners don't have (for example, repository pull/push). For more information, see [Company overview](/admin/company/).
 
 ### Content and registry permissions
 
 These permissions apply organization-wide, including all repositories in your organization's namespace.
 
 | Permission                                            | Member | Editor | Owner |
-| :---------------------------------------------------- | :----- | :----- | :----------------- |
-| Explore images and extensions                         | ✅     | ✅     | ✅                 |
-| Star, favorite, vote, and comment on content          | ✅     | ✅     | ✅                 |
-| Pull images                                           | ✅     | ✅     | ✅                 |
-| Create and publish an extension                       | ✅     | ✅     | ✅                 |
-| Become a Verified, Official, or Open Source publisher | ❌     | ❌     | ✅                 |
-| Observe content engagement as a publisher             | ❌     | ❌     | ✅                 |
-| Create public and private repositories                | ❌     | ✅     | ✅                 |
-| Edit and delete repositories                          | ❌     | ✅     | ✅                 |
-| Manage tags                                           | ❌     | ✅     | ✅                 |
-| View repository activity                              | ❌     | ❌     | ✅                 |
-| Set up Automated builds                               | ❌     | ❌     | ✅                 |
-| Edit build settings                                   | ❌     | ❌     | ✅                 |
-| View teams                                            | ✅     | ✅     | ✅                 |
-| Assign team permissions to repositories               | ❌     | ✅     | ✅                 |
+| :---------------------------------------------------- | :----- | :----- | :---- |
+| Explore images and extensions                         | ✅     | ✅     | ✅    |
+| Star, favorite, vote, and comment on content          | ✅     | ✅     | ✅    |
+| Pull images                                           | ✅     | ✅     | ✅    |
+| Create and publish an extension                       | ✅     | ✅     | ✅    |
+| Become a Verified, Official, or Open Source publisher | ❌     | ❌     | ✅    |
+| Observe content engagement as a publisher             | ❌     | ❌     | ✅    |
+| Create public and private repositories                | ❌     | ✅     | ✅    |
+| Edit and delete repositories                          | ❌     | ✅     | ✅    |
+| Manage tags                                           | ❌     | ✅     | ✅    |
+| View repository activity                              | ❌     | ❌     | ✅    |
+| Set up Automated builds                               | ❌     | ❌     | ✅    |
+| Edit build settings                                   | ❌     | ❌     | ✅    |
+| View teams                                            | ✅     | ✅     | ✅    |
+| Assign team permissions to repositories               | ❌     | ✅     | ✅    |
 
 When you add members to teams, you can grant additional repository permissions
 beyond their organization role:
@@ -57,45 +55,45 @@ beyond their organization role:
 ### Organization management permissions
 
 | Permission                                                        | Member | Editor | Owner |
-| :---------------------------------------------------------------- | :----- | :----- | :----------------- |
-| Create teams                                                      | ❌     | ❌     | ✅                 |
-| Manage teams (including delete)                                   | ❌     | ❌     | ✅                 |
-| Configure the organization's settings (including linked services) | ❌     | ❌     | ✅                 |
-| Add organizations to a company                                    | ❌     | ❌     | ✅                 |
-| Invite members                                                    | ❌     | ❌     | ✅                 |
-| Manage members                                                    | ❌     | ❌     | ✅                 |
-| Manage member roles and permissions                               | ❌     | ❌     | ✅                 |
-| View member activity                                              | ❌     | ❌     | ✅                 |
-| Export and reporting                                              | ❌     | ❌     | ✅                 |
-| Image Access Management                                           | ❌     | ❌     | ✅                 |
-| Registry Access Management                                        | ❌     | ❌     | ✅                 |
-| Set up Single Sign-On (SSO) and SCIM                              | ❌     | ❌     | ✅ \*              |
-| Require Docker Desktop sign-in                                    | ❌     | ❌     | ✅ \*              |
-| Manage billing information (for example, billing address)                 | ❌     | ❌     | ✅                 |
-| Manage payment methods (for example, credit card or invoice)              | ❌     | ❌     | ✅                 |
-| View billing history                                              | ❌     | ❌     | ✅                 |
-| Manage subscriptions                                              | ❌     | ❌     | ✅                 |
-| Manage seats                                                      | ❌     | ❌     | ✅                 |
-| Upgrade and downgrade plans                                       | ❌     | ❌     | ✅                 |
+| :---------------------------------------------------------------- | :----- | :----- | :---- |
+| Create teams                                                      | ❌     | ❌     | ✅    |
+| Manage teams (including delete)                                   | ❌     | ❌     | ✅    |
+| Configure the organization's settings (including linked services) | ❌     | ❌     | ✅    |
+| Add organizations to a company                                    | ❌     | ❌     | ✅    |
+| Invite members                                                    | ❌     | ❌     | ✅    |
+| Manage members                                                    | ❌     | ❌     | ✅    |
+| Manage member roles and permissions                               | ❌     | ❌     | ✅    |
+| View member activity                                              | ❌     | ❌     | ✅    |
+| Export and reporting                                              | ❌     | ❌     | ✅    |
+| Image Access Management                                           | ❌     | ❌     | ✅    |
+| Registry Access Management                                        | ❌     | ❌     | ✅    |
+| Set up Single Sign-On (SSO) and SCIM                              | ❌     | ❌     | ✅ \* |
+| Require Docker Desktop sign-in                                    | ❌     | ❌     | ✅ \* |
+| Manage billing information (for example, billing address)         | ❌     | ❌     | ✅    |
+| Manage payment methods (for example, credit card or invoice)      | ❌     | ❌     | ✅    |
+| View billing history                                              | ❌     | ❌     | ✅    |
+| Manage subscriptions                                              | ❌     | ❌     | ✅    |
+| Manage seats                                                      | ❌     | ❌     | ✅    |
+| Upgrade and downgrade plans                                       | ❌     | ❌     | ✅    |
 
 _\* If not part of a company_
 
 ### Docker Scout permissions
 
 | Permission                                            | Member | Editor | Owner |
-| :---------------------------------------------------- | :----- | :----- | :----------------- |
-| View and compare analysis results                     | ✅     | ✅     | ✅                 |
-| Upload analysis records                               | ✅     | ✅     | ✅                 |
-| Activate and deactivate Docker Scout for a repository | ❌     | ✅     | ✅                 |
-| Create environments                                   | ❌     | ❌     | ✅                 |
-| Manage registry integrations                          | ❌     | ❌     | ✅                 |
+| :---------------------------------------------------- | :----- | :----- | :---- |
+| View and compare analysis results                     | ✅     | ✅     | ✅    |
+| Upload analysis records                               | ✅     | ✅     | ✅    |
+| Activate and deactivate Docker Scout for a repository | ❌     | ✅     | ✅    |
+| Create environments                                   | ❌     | ❌     | ✅    |
+| Manage registry integrations                          | ❌     | ❌     | ✅    |
 
 ### Docker Build Cloud permissions
 
-| Permission                   | Member | Editor | Owner |
-| ---------------------------- | :----- | :----- | :----------------- |
-| Use a cloud builder          | ✅     | ✅     | ✅                 |
-| Create and remove builders   | ✅     | ✅     | ✅                 |
-| Configure builder settings   | ✅     | ✅     | ✅                 |
-| Buy minutes                  | ❌     | ❌     | ✅                 |
-| Manage subscription          | ❌     | ❌     | ✅                 |
+| Permission                 | Member | Editor | Owner |
+| -------------------------- | :----- | :----- | :---- |
+| Use a cloud builder        | ✅     | ✅     | ✅    |
+| Create and remove builders | ✅     | ✅     | ✅    |
+| Configure builder settings | ✅     | ✅     | ✅    |
+| Buy minutes                | ❌     | ❌     | ✅    |
+| Manage subscription        | ❌     | ❌     | ✅    |