Registry: Add info about SA access to different types of registries#2753
Registry: Add info about SA access to different types of registries#2753ngrayluna wants to merge 5 commits into
Conversation
|
Preview deployment for your docs. Learn more about Mintlify Previews.
|
There was a problem hiding this comment.
Pull request overview
Adds documentation clarifying how service accounts (SAs) get access to registries depending on registry visibility and team roles, and updates related cross-references within the registry access docs.
Changes:
- Adds a new “Service account access” section describing SA access behavior for Organization vs Restricted visibility registries.
- Expands the service account footnote to link readers to the new section.
- Updates the “registry role permissions” link near the “Add a user or a team” section.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
📚 Mintlify Preview Links📝 Changed (1 total)📄 Pages (1)
🤖 Generated automatically when Mintlify deployment succeeds |
🔗 Link Checker Results✅ All links are valid! No broken links were detected. Checked against: https://wb-21fd5541-sa-registry-access.mintlify.app |
| The following describes the default access level for a service account: | ||
|
|
||
| - **Registries with Organization visibility**: a service account automatically has **Member** access. | ||
| - **Registries with Restricted visibility**: service acount access depends on the role assigned to the service account's team: |
There was a problem hiding this comment.
| - **Registries with Restricted visibility**: service acount access depends on the role assigned to the service account's team: | |
| - **Registries with Restricted visibility**: service acount access depends on the role assigned to the service account's team or the service account itself: |
There was a problem hiding this comment.
this still reads to me as though one needs to assign a team role for the service account to receive a role in a restricted registry. i think we should instead focus on how service accounts dont inherit higher permissions just because a team they're in gets assigned "admin" in a registry. (and this is true for both restricted and non-restricted registries)
Description
Add info about SA access to different types of registries.
Related issues
https://coreweave.atlassian.net/browse/DOCS-2549