More reorg

This commit is contained in:
Stuart Clements 2019-12-18 16:52:48 +01:00
parent 751960e48b
commit 1a9e57a83e
3 changed files with 18 additions and 25 deletions

View File

@ -30,6 +30,7 @@ This section describes how to use and maintain Harbor after deployment. These da
- [Configure OIDC Provider Authentication](administration/configure_authentication/oidc_auth.md) - [Configure OIDC Provider Authentication](administration/configure_authentication/oidc_auth.md)
- [Role Based Access Control](administration/managing_users/rbac.md) - [Role Based Access Control](administration/managing_users/rbac.md)
- [User Permissions By Role](administration/managing_users/user_permissions_by_role.md) - [User Permissions By Role](administration/managing_users/user_permissions_by_role.md)
- [Create User Accounts in Database Mode](administration/managing_users/create_users_db.md)
- [Administrator Options](administration/general_settings.md) - [Administrator Options](administration/general_settings.md)
- [Configure Project Settings](administration/configure_project_settings.md) - [Configure Project Settings](administration/configure_project_settings.md)
- [Set Project Quotas](administration/set_project_quotas.md) - [Set Project Quotas](administration/set_project_quotas.md)

View File

@ -1,5 +1,14 @@
# Harbor Administration # Harbor Administration
This section describes how to configure and maintain Harbor after deployment. These day 2 operations are performed by the Harbor Administrator. This section describes how to configure and maintain Harbor after deployment. These operations are performed by the Harbor system administrator. The Harbor system administrator performs global configuration operations that apply to the whole Harbor instance.
RECREATE LINKS AND INDEX HERE The operations that are performed by the Harbor system administrator are the following.
- Select database, LDAP/Active Directory, or OIDC based authentication. For information, see [Configuring Authentication](administration/configure_authentication/configure_authentication.md)
- Add users in database authentication mode and assign the system administrator role to other users. For information, see [Role Based Access Control](administration/managing_users/rbac.md)
- Configure general system settings. For information, see [Administrator Options](administration/general_settings.md)
- Configure how projects are created, and apply resource quotas to projects. For information, see [Configure Project Settings](administration/configure_project_settings.md)
- Set up replication of images between Harbor and another Harbor instance or a 3rd party replication target. For information, see [Configuring Replication](administration/configuring_replication/configuring_replication.md)
- Set up vulnerability scanners to check the images in the registry for CVE vulnerabilities. For information, see [Vulnerability Scanning](administration/vulnerability_scanning/vulnerability_scanning.md)
- Perform garbage collection, to remove unnecessary data from Harbor. For information, see [Garbage Collection](administration/garbage_collection.md)
- Upgrade Harbor when a new version becomes available. For information, see [Upgrading Harbor](administration/upgrade/_index.md)

View File

@ -1,8 +1,8 @@
# Harbor Role Based Access Control (RBAC) # Harbor Role Based Access Control (RBAC)
![rbac](../../img/rbac.png) Harbor manages images through projects. You provide access to these images to users by including the users in projects and assigning one of the following roles to them.
Harbor manages images through projects. Users can be added into one project as a member with one of the following different roles: ![rbac](../../img/rbac.png)
* **Limited Guest**: A Limited Guest does not have full read privileges for a project. They can pull images but cannot push, and they cannot see logs or the other members of a project. For example, you can create limited guests for users from different organizations who share access to a project. * **Limited Guest**: A Limited Guest does not have full read privileges for a project. They can pull images but cannot push, and they cannot see logs or the other members of a project. For example, you can create limited guests for users from different organizations who share access to a project.
* **Guest**: Guest has read-only privilege for a specified project. They can pull and retag images, but cannot push. * **Guest**: Guest has read-only privilege for a specified project. They can pull and retag images, but cannot push.
@ -17,30 +17,13 @@ Besides the above roles, there are two system-level roles:
For full details of the permissions of the different roles, see [User Permissions By Role](user_permissions_by_role.md). For full details of the permissions of the different roles, see [User Permissions By Role](user_permissions_by_role.md).
[Configure Harbor User Settings at the Command Line](configure_user_settings_cli.md) If you run Harbor in database authentication mode, you create user accounts directly in the Harbor interface. For information about how to create local user accounts, see [Create User Accounts in Database Mode](create_users_db.md).
## Create User Accounts If you run Harbor in LDAP/AD or OIDC authentication mode, you create and manage user accounts in your LDAP/AD or OIDC provider. Harbor obtains the users from the LDAP/AD or OIDC server and displays them in the **Users** tab of the Harbor interface.
In database authentication mode, the Harbor system administrator creates user accounts manually. ## Assigning the Harbor System Administrator Role
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges. Harbor system administrators can assign the Harbor system administrator role to other users by selecting usernames and clicking **Set as Administrator** in the **Users** tab.
1. Under **Administration**, go to **Users**.
![Create user account](../../img/create_user.png)
1. Click **New User**.
1. Enter information about the new user.
![Provide user information](../../img/new_user.png)
- The username must be unique in the Harbor system
- The email address is used for password recovery
- The password must contain at least 8 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character
If users forget their password, there is a **Forgot Password** in the Harbor log in page.
## Assigning the Administrator Role
Harbor system administrators can assign the Harbor system administrator role to other users by selecting usernames and clicking Set as Administrator in the **Users** tab.
![browse project](../../img/new_set_admin_remove_user.png) ![browse project](../../img/new_set_admin_remove_user.png)