Azure
Roadmap: Entra ABAC for ACR (Entra-based Repository Namespace Access Control)
With registries used by multiple teams in an organization, we need to have a more granular way to manage the access to repositories and images.
This item tracks the progress of ACR ABAC from Private Preview, to Public Preview, towards GA.
Feature docs: https://aka.ms/acr/auth/abac
We're excited to share that ACR ABAC for Entra Repository Permissions is now in Public Preview, with revamped documentation available at https://aka.ms/acr/auth/abac -- feel free to try it out!
If you have any questions or need onboarding support, please contact [email protected].
If you have any questions on GA timelines or would like to follow along this feature's progress, please feel free to follow this GitHub issue https://github.com/Azure/acr/issues/809
Any chance this will support Principal Attributes in assignment conditions like Azure Storage does? While being able to restrict what native principals can access is beneficial, a huge use case for us is to not have a large number of RBAC assignments; as it stands I have well over 30 tokens and matching scope maps assigned to our current ACR instance and it grows monthly. Being able to manage access with CSA's on service principals would be significantly less irritating to manage.
Hi @snuxoll, at this time, we don't have plans yet for ABAC conditions based on an identity's custom security attributes like storage accounts.
Today marks the general availability of Azure Container Registry (ACR) repository permissions with Microsoft Entra attribute-based access control (ABAC)! Please checkout out the blog post at https://techcommunity.microsoft.com/blog/appsonazureblog/azure-container-registry-repository-permissions-with-attribute-based-access-cont/4467182
This issue tracks the GA of Entra ABAC for ACR Repository Permissions. As such, with the GA, this item will be closed.