Feature Request: Granular Control Over Docker Hub Image Permissions

[James-von-Detroit]

Description:
We are seeking more granular control over Docker Hub image permissions to better manage our Docker environment.

Current Settings Scenario: (In Docker Hub's Organization Settings > Image Access)

• Allow all “Organizational Images”
• Allow all “Docker Official Images”
• Restrict “Docker Verified Publisher Images”
• Restrict “Community Images”

Issue:
Our current scenario does not allow us to permit specific images from the restricted categories. For instance, we need to allow certain images from the “Community Images” category while keeping other “Community Images” restricted. This limitation hinders our ability to scale and manage our Docker usage effectively. Currently, it’s an “all or nothing” option.

Request:
We request the ability to allow specific images from the restricted sections, similar to how you can granularly add sites for Registry Access. This feature would enable us to:

• Empower users to pull approved images.
• Maintain security by restricting unapproved images.
• Ensure a quick turnaround for users to get the latest versions.

Impact:
Without this feature, our ability to scale Docker usage is significantly impeded. We need this functionality to ensure efficient and secure management of our Docker environment. The lack of this feature serves as a severe blocker to Docker’s adoption and growth in an enterprise environment.

Moreover, not having this feature causes delays in accessing the latest versions of images. If we manually upload our own images, users will not have access to any new versions unless we manually upload them. When dealing with potentially hundreds of images (or more), this causes significant delays and does not scale well for large Docker organization groups.

Specific Use Cases:

• Our DevOps team needs to pull specific community images for continuous integration pipelines, but current restrictions force them to use outdated or less secure alternatives.
• Our data science team relies on certain verified publisher images for their workflows, and the inability to selectively allow these images disrupts their productivity.

Quantified Impact:

• We manage MANY images and update them weekly. The current process adds MANY hours of manual work per week.
• Implementing this feature could save us a lot of time, allowing our teams to focus on more critical tasks.

Security and Compliance:

• Our organization adheres to strict compliance standards, and this feature would help us maintain these standards by ensuring only approved images are used.
• Enhanced control over image permissions would reduce the risk of security vulnerabilities from unapproved images.

Industry Standards:

• Other container management platforms, such as Kubernetes with its RBAC policies, offer more granular control over resource access. Docker Hub could benefit from aligning with these industry standards.