Enhanced access and visibility

[jmhtfiserv]

Our business case:

We have the need/desire to publish images (repositories) to our clients in the context of software distribution. This calls for the ability to publish an image to a location reachable by the client (this is supported in current functionality) and grant controlled access to the clients (and their selected employees) to these images (this is partially supported).

Current behavior:

In the currently supported model, the ability to publish images and control access to those images is present. However, granting access to a client involves adding them to "our organization" which, in turn, makes visible to them all other organization members - our own associates as well as other clients, including possible competitors - as well as visibility to the configured teams and their memberships. So access control to the images is as expected, but the visibility to users and teams is too broad.

Desired behavior:

We would like an expansion of the roles granted to users with the ability to limit this visibility. From our perspective, it would be desirable that we can restrict a user's visibility to only the teams of which they are a member (and, of course, only those images permitted to those teams). I could see value in not granting the user visibility to any other users or any teams - just to the repositories (images) they are granted access to. In summary, we would like to see the access controls in this area enhanced.

[thaJeztah]

cc @technicallyjosh

[technicallyjosh]

Hey @jmhtfiserv thanks so much for the detailed write up. And, sorry for the late reply here.

I've forwarded this to our PMs. I'm involved in a couple things that definitely seem like they are related currently.

[mikedon]

hey @jmhtfiserv - thanks for reaching out. My name is Mike Donovan and a product leader at Docker. I would love to chat with you about this request to learn more. Would you mind sending me an email to [email protected] so we can continue the discussion?