HashiCorp Cloud Platform
HCP Packer permissions
This topic provides reference information about user permissions for HCP Packer. Permissions are role-based access controls (RBAC) inherited from the HCP organization or HCP project. Refer to the global user permissions reference for additional information about HCP RBAC.
Introduction
HCP users have different levels of permissions to perform actions in HCP Packer depending on their assigned roles. Users inherit permissions based on their roles at either the organization, project, or HCP Packer bucket level.
Resolution for multiple roles
When a user account is assigned multiple roles, the permission set from each role is additive. For
example, if userA has the HCP project contributor role, and is then given the
viewer role in HCP Packer bucketA, the effective permission for userA in bucketA is contributor.
In a different scenario, if userB has the HCP project viewer role, and is then given the
contributor role in HCP Packer bucketA, the effective permission for userB in bucketA is contributor.
The effective HCP Packer permissions for the users from both example scenarios are:
- userA has contributor registry permissions at the project level, and contributor bucket permissions at the bucketA level.
- userB has viewer registry permissions at the project level, and contributor bucket permissions at the bucketA level.
Registry permissions
The following table describes the HCP Packer registry permissions inherited based on a user's role at either the organization or project level.
| HCP Packer registry permissions | No role | Viewer | Contributor | Admin |
|---|---|---|---|---|
| Create and manage registry | ❌ | ❌ | ✅ | ✅ |
| Create and manage buckets | ❌ | ❌ | ✅ | ✅ |
| Create and manage channels | ❌ | ❌ | ✅ | ✅ |
| Push metadata to HCP Packer | ❌ | ❌ | ✅ | ✅ |
| Revoke and restore artifacts | ❌ | ❌ | ✅ | ✅ |
| Enable audit log streaming | ❌ | ❌ | ✅ | ✅ |
| View HCP Packer resources | ❌ | ✅ | ✅ | ✅ |
| Manage bucket user permissions | ❌ | ❌ | ❌ | ✅ |
Bucket permissions
The following table describes the HCP Packer bucket permissions inherited based on a user's role at the bucket level.
| HCP Packer bucket permissions | No role | Viewer | Contributor | Admin |
|---|---|---|---|---|
| Push metadata to the bucket | ❌ | ❌ | ✅ | ✅ |
| Create and manage channels | ❌ | ❌ | ✅ | ✅ |
| Revoke and restore artifacts | ❌ | ❌ | ✅ | ✅ |
| View bucket | ❌ | ✅ | ✅ | ✅ |
| View restricted channels | ❌ | ❌ | ✅ | ✅ |
Refer to Update a bucket's user permissions for instructions about setting user permissions for buckets.
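When reviewing bucket grants for least privilege, the additive resolution and the two tables above can be modeled directly. The following is an added example, not HashiCorp code or an HCP API: the function and variable names are hypothetical, the permission names are copied from the tables on this page, and it assumes (following the userA scenario) that an organization or project role also applies the same-named column of the bucket table.

```python
# Added example: permission names are copied from the two tables on this page.
# Function and variable names are hypothetical, not part of any HCP API.
VIEW_R = {"View HCP Packer resources"}
CONTRIB_R = VIEW_R | {
    "Create and manage registry", "Create and manage buckets",
    "Create and manage channels", "Push metadata to HCP Packer",
    "Revoke and restore artifacts", "Enable audit log streaming",
}
ADMIN_R = CONTRIB_R | {"Manage bucket user permissions"}
REGISTRY = {"viewer": VIEW_R, "contributor": CONTRIB_R, "admin": ADMIN_R}

VIEW_B = {"View bucket"}
CONTRIB_B = VIEW_B | {
    "Push metadata to the bucket", "Create and manage channels",
    "Revoke and restore artifacts", "View restricted channels",
}
# The bucket table gives Admin the same rows as Contributor.
BUCKET = {"viewer": VIEW_B, "contributor": CONTRIB_B, "admin": CONTRIB_B}


def effective(inherited_roles, bucket_roles):
    """Return (registry_perms, bucket_perms) for one user in one bucket.

    inherited_roles: roles held at the organization or project level.
    bucket_roles: roles granted directly on the bucket.
    Roles are additive, so each result is the union over every role held.
    """
    registry = set().union(*(REGISTRY[r] for r in inherited_roles))
    # Assumption (from the userA scenario): an inherited role carries into the bucket.
    all_roles = list(inherited_roles) + list(bucket_roles)
    bucket = set().union(*(BUCKET[r] for r in all_roles))
    return registry, bucket


def audit_bucket_grant(inherited_roles, bucket_roles):
    """Classify a bucket-level grant and list what it adds for the user."""
    _, before = effective(inherited_roles, [])
    _, after = effective(inherited_roles, bucket_roles)
    added = sorted(after - before)
    if not bucket_roles:
        return "none", added
    return ("elevates" if added else "redundant"), added


if __name__ == "__main__":
    # Constructed inputs matching the userA and userB scenarios on this page.
    for user, inherited, direct in [("userA", ["contributor"], ["viewer"]),
                                    ("userB", ["viewer"], ["contributor"])]:
        print(user, audit_bucket_grant(inherited, direct))
```

A "redundant" result marks a bucket grant that can be removed without changing access, while "elevates" lists the bucket permissions that exist only because of the bucket-level role.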
Assign roles to users
Refer to the users page to learn how to invite users and assign roles.
The service principals page describes how to create a service principal.