Update content

umn/source/basics_of_the_container_engine.rst

@@ -115,3 +115,20 @@ This section describes how to compress a container image into a .tar or .tar.gz
 
       $ docker save -o nginx-all.tar nginx
       $ docker save -o nginx-latest.tar nginx:latest
+
+Importing an Image File
+-----------------------
+
+This section describes how to import an image package as an image using the **docker load** command.
+
+There are two modes:
+
+**docker load <** **Path/File name.tar**
+
+**docker load --input** **Path/File name.tar** or **docker load -i** **Path/File name.tar**
+
+Sample:
+
+.. code-block::
+
+   $ docker load --input fedora.tar

umn/source/faqs/general_faqs/about_swr.rst

@@ -0,0 +1,36 @@
+:original_name: swr_faq_0013.html
+
+.. _swr_faq_0013:
+
+About SWR
+=========
+
+How Many Images Can Be Stored in SWR?
+-------------------------------------
+
+SWR has no limit on the number of images. You can upload any number of images.
+
+What Is the Bandwidth of SWR?
+-----------------------------
+
+The bandwidth of SWR dynamically changes based on actual usage.
+
+Is SWR Charged?
+---------------
+
+The billing items of SWR include storage space and traffic. Currently, it is free of charge.
+
+Does SWR Support Querying the CPU Architecture (x86 or ARM) of an Image?
+------------------------------------------------------------------------
+
+-  For a public image, you can log in to the SWR console, go to the image center, search for the target image, and view its details, including the architectures supported by the image.
+
+-  For a private image, you can Run **docker inspect** **[Image name:Version name]** to query the image architecture.
+
+*Example:* **docker inspect openjdk:7**\ *.*
+
+
+.. figure:: /_static/images/en-us_image_0000001539405909.png
+   :alt: **Figure 1** Example
+
+   **Figure 1** Example

umn/source/faqs/general_faqs/are_there_quotas_for_swr_resources.rst

@@ -0,0 +1,20 @@
+:original_name: en-us_topic_0000001539549873.html
+
+.. _en-us_topic_0000001539549873:
+
+Are There Quotas for SWR Resources?
+===================================
+
+No quotas are imposed on SWR images. You can push as many images as you need.
+
+Quotas are imposed on the number of organizations a user can create, as shown in :ref:`Table 1 <en-us_topic_0000001539549873__table88365720443>`.
+
+.. _en-us_topic_0000001539549873__table88365720443:
+
+.. table:: **Table 1** SWR resource quotas
+
+   ============= =====
+   Resource Type Quota
+   ============= =====
+   Organization  5
+   ============= =====

umn/source/faqs/general_faqs/how_do_i_create_a_container_image.rst

@@ -17,7 +17,11 @@ Approach 1: Creating a Snapshot
 
 This approach is suitable for images that will only be updated occasionally.
 
-|image1|
+
+.. figure:: /_static/images/en-us_image_0165153802.png
+   :alt: **Figure 1** Creating a snapshot
+
+   **Figure 1** Creating a snapshot
 
 Procedure:
 
@@ -65,7 +69,11 @@ This approach is suitable for images that will be frequently updated. In :ref:`A
 
 The idea behind :ref:`Approach 2 <swr_faq_0012__section1690134131216>` is to write the process of :ref:`Approach 1 <swr_faq_0012__section1017412550210>` into a Dockerfile and then run the **docker build -t test/image:tag.** command to automatically build an image from the Dockerfile. In the preceding command, **.** indicates the path to the Dockerfile.
 
-|image2|
+
+.. figure:: /_static/images/en-us_image_0165153805.png
+   :alt: **Figure 2** Creating a Dockerfile to build an image
+
+   **Figure 2** Creating a Dockerfile to build an image
 
 Example Dockerfile:
 
@@ -199,6 +207,3 @@ Basic Syntax of Dockerfile
    Using the FROM instruction to build a child image based on the parent image created by the Dockerfile:
 
    **ONBUILD ADD. /app/src**: The **ADD. /app/src** command is automatically executed.
-
-.. |image1| image:: /_static/images/en-us_image_0165153802.png
-.. |image2| image:: /_static/images/en-us_image_0165153805.png

umn/source/faqs/general_faqs/index.rst

@@ -5,14 +5,20 @@
 General FAQs
 ============
 
--  :ref:`SWR Overview <swr_faq_0013>`
+-  :ref:`What Is SWR? <swr_faq_1011>`
+-  :ref:`About SWR <swr_faq_0013>`
 -  :ref:`How Do I Create a Container Image? <swr_faq_0012>`
 -  :ref:`How Do I Create an Image Package? <swr_faq_0004>`
+-  :ref:`Are There Quotas for SWR Resources? <en-us_topic_0000001539549873>`
+-  :ref:`Why Does Organization Creation Fail? <en-us_topic_0000001488470084>`
 
 .. toctree::
    :maxdepth: 1
    :hidden: 
 
-   swr_overview
+   what_is_swr
+   about_swr
    how_do_i_create_a_container_image
    how_do_i_create_an_image_package
+   are_there_quotas_for_swr_resources
+   why_does_organization_creation_fail

umn/source/faqs/general_faqs/swr_overview.rst

@@ -1,26 +0,0 @@
-:original_name: swr_faq_0013.html
-
-.. _swr_faq_0013:
-
-SWR Overview
-============
-
-How Many Images Can Be Stored in SWR?
--------------------------------------
-
-SWR has no limit on the number of images. You can upload any number of images.
-
-Can I Push Arm-based Container Images to SWR?
----------------------------------------------
-
-SWR has no restriction on the kernel architecture of images. There is no difference between pushing an Arm-based image and an x86-based image to SWR.
-
-What Protocol Is Used to Push Images to SWR When I Run the docker push Command?
--------------------------------------------------------------------------------
-
-HTTPS is used.
-
-Will an Image Be Overwritten If I Push an Image That Have the Same Name and Tag with it?
-----------------------------------------------------------------------------------------
-
-Yes, the original image will be overwritten.

umn/source/faqs/general_faqs/what_is_swr.rst

@@ -0,0 +1,8 @@
+:original_name: swr_faq_1011.html
+
+.. _swr_faq_1011:
+
+What Is SWR?
+============
+
+SoftWare Repository for Container (SWR) allows users to easily manage the full lifecycle of container images and facilitates secure deployment of images for your applications.

umn/source/faqs/general_faqs/why_does_organization_creation_fail.rst

@@ -0,0 +1,12 @@
+:original_name: en-us_topic_0000001488470084.html
+
+.. _en-us_topic_0000001488470084:
+
+Why Does Organization Creation Fail?
+====================================
+
+Symptom: The creation of an organization fails, and a message is displayed indicating that the organization already exists. However, the organization is not found on the **Organizations** page.
+
+Solution: Change the organization name to one which is globally unique in the Region.
+
+If a message is displayed indicating that the organization already exists, the organization name may have been used by another user. Use another organization name.

umn/source/faqs/image_management_faqs/how_many_tenants_can_i_share_an_swr_private_image_with.rst

@@ -0,0 +1,8 @@
+:original_name: swr_faq_1013.html
+
+.. _swr_faq_1013:
+
+How Many Tenants Can I Share an SWR Private Image with?
+=======================================================
+
+500

umn/source/faqs/image_management_faqs/image_push_and_pull.rst

@@ -0,0 +1,48 @@
+:original_name: swr_faq_1012.html
+
+.. _swr_faq_1012:
+
+Image Push and Pull
+===================
+
+How Do I Push an Image to SWR Through APIs?
+-------------------------------------------
+
+Currently, SWR does not provide APIs for image push. You can push images using the **docker push** command on a client or using the SWR console.
+
+How Do I Pull an Image from SWR by Calling APIs?
+------------------------------------------------
+
+Currently, SWR does not provide APIs for image pull. You can pull images using the **docker push** command on a client.
+
+Can I Push Arm-based Container Images to SWR?
+---------------------------------------------
+
+SWR has no restriction on the kernel architecture of images. There is no difference between pushing an Arm-based image and an x86-based image to SWR.
+
+What Protocol Is Used to Push Images to SWR When I Run the **docker push** Command?
+-----------------------------------------------------------------------------------
+
+HTTPS is used.
+
+Will an Image Be Overwritten If I Push an Image That Have the Same Name and Tag with it?
+----------------------------------------------------------------------------------------
+
+Yes, the original image will be overwritten.
+
+Where Are the Images Pulled by Running the **docker pull** Command Stored?
+--------------------------------------------------------------------------
+
+Images pulled by running the **docker pull** command are stored on your local hosts. You can run the **docker save** command to save images into TAR archive files.
+
+What Is the Maximum Size of an SWR Layer?
+-----------------------------------------
+
+If you use the container engine client to push images to SWR, each image layer cannot exceed 10 GB.
+
+Can SWR Be Accessed over Private Networks? Will I Be Charged for Pushing and Pulling Images over Private Networks?
+------------------------------------------------------------------------------------------------------------------
+
+If your machine and the image repository are in the same region, you can access the image repository through private networks. No additional fees are charged for private network access because you have paid for your servers and EIPs.
+
+If your machine and the image repository are in different regions, the node must have access to public networks to pull images from the image repository.

umn/source/faqs/image_management_faqs/index.rst

@@ -5,6 +5,8 @@
 Image Management FAQs
 =====================
 
+-  :ref:`Image Push and Pull <swr_faq_1012>`
+-  :ref:`How Many Tenants Can I Share an SWR Private Image with? <swr_faq_1013>`
 -  :ref:`What Are the Differences Between Long-Term Valid Login Commands and Temporary Login Commands? <swr_faq_0015>`
 -  :ref:`Why Is an Image Uploaded Through the Client to SWR Different in Size From One Uploaded Through the SWR Console? <swr_faq_0005>`
 -  :ref:`Can I Pull Container Images on the SWR Console to a Local PC? <swr_faq_0035>`
@@ -13,6 +15,8 @@ Image Management FAQs
    :maxdepth: 1
    :hidden: 
 
+   image_push_and_pull
+   how_many_tenants_can_i_share_an_swr_private_image_with
    what_are_the_differences_between_long-term_valid_login_commands_and_temporary_login_commands
    why_is_an_image_uploaded_through_the_client_to_swr_different_in_size_from_one_uploaded_through_the_swr_console
    can_i_pull_container_images_on_the_swr_console_to_a_local_pc

umn/source/faqs/index.rst

@@ -8,6 +8,7 @@ FAQs
 -  :ref:`General FAQs <swr_faq_1001>`
 -  :ref:`Image Management FAQs <swr_faq_1002>`
 -  :ref:`Troubleshooting <swr_faq_2000>`
+-  :ref:`Other FAQs <en-us_topic_0000001488475196>`
 
 .. toctree::
    :maxdepth: 1
@@ -16,3 +17,4 @@ FAQs
    general_faqs/index
    image_management_faqs/index
    troubleshooting/index
+   other_faqs/index

umn/source/faqs/other_faqs/how_do_i_obtain_the_docker_image_of_the_target_software.rst

@@ -0,0 +1,45 @@
+:original_name: en-us_topic_0000001488635100.html
+
+.. _en-us_topic_0000001488635100:
+
+How Do I Obtain the Docker Image of the Target Software?
+========================================================
+
+Searching Docker Hub for a Target Docker Image
+----------------------------------------------
+
+Docker Hub provides more than 400,000 public Docker images for downloading various software, and the number keeps increasing at a rate of 5,000 per week. Therefore, you can find the corresponding image version except for the software developed by yourself. The Docker Hub address is https://hub.docker.com/.
+
+You are advised to obtain certified images of the following software directly from Docker Hub, rather than building them from scratch.
+
+-  **Operating systems**
+
+   For example, Ubuntu, SUSE, and CentOS.
+
+   |image1|
+
+-  **Basic programming languages**
+
+   For example, Java, Python, R, and Golang.
+
+   |image2|
+
+-  **Popular software**
+
+   For example, Tomcat, MySQL, and Nginx.
+
+   |image3|
+
+Searching for the Docker Image of the Target Software from Google
+-----------------------------------------------------------------
+
+For software located in third-party image repositories, you can search for related images using Google. During the search, you only need to add Docker keywords next to software names.
+
+Example:
+
+|image4|
+
+.. |image1| image:: /_static/images/en-us_image_0000001539285933.png
+.. |image2| image:: /_static/images/en-us_image_0000001488366046.png
+.. |image3| image:: /_static/images/en-us_image_0000001488685838.png
+.. |image4| image:: /_static/images/en-us_image_0000001488845766.png

umn/source/faqs/other_faqs/how_many_tenants_can_i_share_an_swr_private_image_with.rst

@@ -0,0 +1,8 @@
+:original_name: en-us_topic_0000001539435061.html
+
+.. _en-us_topic_0000001539435061:
+
+How Many Tenants Can I Share an SWR Private Image with?
+=======================================================
+
+500.

umn/source/faqs/other_faqs/index.rst

@@ -0,0 +1,18 @@
+:original_name: en-us_topic_0000001488475196.html
+
+.. _en-us_topic_0000001488475196:
+
+Other FAQs
+==========
+
+-  :ref:`Why Does a CCE Workload Cannot Pull an Image from SWR and the Message Indicating "Not Logged In" Is Displayed? <en-us_topic_0000001539235197>`
+-  :ref:`How Many Tenants Can I Share an SWR Private Image with? <en-us_topic_0000001539435061>`
+-  :ref:`How Do I Obtain the Docker Image of the Target Software? <en-us_topic_0000001488635100>`
+
+.. toctree::
+   :maxdepth: 1
+   :hidden: 
+
+   why_does_a_cce_workload_cannot_pull_an_image_from_swr_and_the_message_indicating_not_logged_in_is_displayed
+   how_many_tenants_can_i_share_an_swr_private_image_with
+   how_do_i_obtain_the_docker_image_of_the_target_software

umn/source/faqs/other_faqs/why_does_a_cce_workload_cannot_pull_an_image_from_swr_and_the_message_indicating_not_logged_in_is_displayed.rst

@@ -0,0 +1,35 @@
+:original_name: en-us_topic_0000001539235197.html
+
+.. _en-us_topic_0000001539235197:
+
+Why Does a CCE Workload Cannot Pull an Image from SWR and the Message Indicating "Not Logged In" Is Displayed?
+==============================================================================================================
+
+If a CCE workload cannot pull an SWR image and the message indicating "Not logged in" is displayed, check whether the YAML file of the workload contains the **imagePullSecrets** field and whether the value of **name** is fixed to **default-secret**.
+
+Example:
+
+.. code-block::
+
+   apiVersion: extensions/v1beta1
+   kind: Deployment
+   metadata:
+     name: nginx
+   spec:
+     replicas: 1
+     selector:
+       matchLabels:
+         app: nginx
+     strategy:
+       type: RollingUpdate
+     template:
+       metadata:
+         labels:
+           app: nginx
+       spec:
+         containers:
+         - image: nginx
+           imagePullPolicy: Always
+           name: nginx
+         imagePullSecrets:
+         - name: default-secret

umn/source/faqs/troubleshooting/why_does_an_image_fail_to_be_uploaded_through_a_container_engine_client.rst

@@ -49,15 +49,8 @@ name invalid: 'repository' is invalid
 
 **Solution**: The regular expressions of the organization (namespace) name and image (repository) name are as follows:
 
-Organization name: The value contains a maximum of 64 characters and must meet regular expression **^([a-z]+(?:(?:(?:_|__|[-]*)[a-z0-9]+)+)?)$**.
+namespace: The value contains a maximum of 64 characters and must meet regular expression **^([a-z]+(?:(?:(?:_|__|[-]*)[a-z0-9]+)+)?)$**.
 
-Image name: The value contains a maximum of 128 characters and must meet regular expression **^([a-z0-9]+(?:(?:(?:_|__|[-]*)[a-z0-9]+)+)?)$**.
+repository: The value contains a maximum of 128 characters and must meet regular expression **^([a-z0-9]+(?:(?:(?:_|__|[-]*)[a-z0-9]+)+)?)$**.
 
 Specify a valid organization name or image name, and push the image again.
-
-Image Push Occasionally Times Out
----------------------------------
-
-**Problem**: Image push occasionally times out.
-
-**Solution**: When you push an image from a server in Chinese mainland to a server outside Chinese mainland, the network may be unstable.

umn/source/faqs/troubleshooting/why_does_the_docker_pull_command_fail_to_be_executed.rst

@@ -17,7 +17,7 @@ x509: certificate sigined by unknown authority
 
 **Solution**:
 
--  If you trust the server, skip certificate authentication. Specifically, manually configure the container engine startup parameters using either of the following two methods. Replace *Image repository address* with the actual SWR repository address.
+-  If you trust the server and skip certificate authentication, manually configure the startup parameters for the container engine using either of the following methods (use the actual image repository address):
 
    -  Add the following configuration to the **/etc/docker/daemon.json** file. If the file does not exist, manually create it. Ensure that two-space indents are used in the configuration.
 
@@ -33,7 +33,7 @@ x509: certificate sigined by unknown authority
 
          INSECURE_REGISTRY='--insecure-registry=Image repository address'
 
-   After configuration, run the **systemctl restart docker** or **service restart docker** command to restart the container engine.
+   After configuration, run the **systemctl restart docker** or **service docker start** command to restart the container engine.
 
 -  Run the **docker info** command to check whether the proxy is correctly configured. If not, modify the configuration.
 

umn/source/faqs/troubleshooting/why_does_the_login_command_fail_to_be_executed.rst

@@ -39,17 +39,21 @@ Possible causes are as follows:
    a. Change the image repository address in the login command.
    b. Generate a temporary login command. For detailed instructions, see :ref:`2 <swr_faq_0016__li48456813192>`.
 
-4. **x509: certficate has expired or is not yet valid**
+4. **x509: certificate has expired or is not yet valid**
 
    The preceding error is reported when the AK/SK in the login command with long-term validity is deleted. In this case, use a valid AK/SK to generate a login command.
 
-5. **x509: certficate signed by unknown authority**
+5. **x509: certificate signed by unknown authority**
 
    **Possible Causes**:
 
-   The container engine client communicates with SWR through HTTPS. The client verifies the server certificate. If the server certificate is not issued by an authoritative organization, the following error message is displayed: "x509: certficate signed by unknown authority".
+   The container engine client communicates with SWR through HTTPS. The client verifies the server certificate. If the server certificate is not issued by an authoritative organization, the following error message is displayed: "x509: certificate signed by unknown authority"
 
-   |image2|
+
+   .. figure:: /_static/images/en-us_image_0000001137013964.png
+      :alt: **Figure 1** Error x509
+
+      **Figure 1** Error x509
 
    **Solutions**:
 
@@ -91,4 +95,3 @@ Possible causes are as follows:
    After the configuration, run the **systemctl restart docker** command to restart the container engine.
 
 .. |image1| image:: /_static/images/en-us_image_0168961239.png
-.. |image2| image:: /_static/images/en-us_image_0000001137013964.png

umn/source/image_management/obtaining_a_long-term_valid_login_command.rst

@@ -14,6 +14,17 @@ This section describes how to obtain a login command that is valid for a year.
 
    For security purposes, it is advised to obtain the login command in the development environment.
 
+Process
+-------
+
+You can obtain a long-term valid login command as the following process:
+
+
+.. figure:: /_static/images/en-us_image_0000001539605245.png
+   :alt: **Figure 1** Process
+
+   **Figure 1** Process
+
 Procedure
 ---------
 
@@ -48,25 +59,19 @@ Procedure
 
    **printf "$AK" \| openssl dgst -binary -sha256 -hmac "$SK" \| od -An -vtx1 \| sed 's/[ \\n]//g' \| sed 'N;s/\\n//'**
 
-   In the command, **$AK** and **$SK** indicate the AK and SK obtained in :ref:`Step 2 <swr_01_1000__li1863783911295>` respectively.
+   In the command, **$AK** and **$SK** indicate the AK and SK obtained in :ref:`2 <swr_01_1000__li1863783911295>` respectively.
 
 
    .. figure:: /_static/images/en-us_image_0165729699.png
-      :alt: **Figure 1** Sample command output
+      :alt: **Figure 2** Sample command output
 
-      **Figure 1** Sample command output
+      **Figure 2** Sample command output
 
 #. Put the information you obtained in the following format to generate a long-term valid login command:
 
    **docker login -u** [*Regional project name*]\ **@**\ [*AK*] **-p** [*Login key*] [*Image repository address*]
 
-   In the command, the regional project name and image repository address are obtained in :ref:`Step 1 <swr_01_1000__li5768123671815>`, the AK in :ref:`Step 2 <swr_01_1000__li1863783911295>`, and the login key in :ref:`Step 3 <swr_01_1000__li132430753010>`.
+   In the command, the regional project name and image repository address are obtained in :ref:`1 <swr_01_1000__li5768123671815>`, the AK in :ref:`2 <swr_01_1000__li1863783911295>`, and the login key in :ref:`3 <swr_01_1000__li132430753010>`.
-
-
-   .. figure:: /_static/images/en-us_image_0000001154534788.png
-      :alt: **Figure 2** Long-term login command
-
-      **Figure 2** Long-term login command
 
    .. note::
 

umn/source/image_management/pulling_an_image.rst

@@ -15,7 +15,7 @@ Procedure
 
 #. Log in to the VM running the container engine as the **root** user.
 
-#. Obtain a login command by referring to :ref:`Step 1 <swr_01_0011__en-us_topic_0112596104_en-us_topic_0075378957_li58001655123>` and access SWR.
+#. Obtain a login command by referring to :ref:`1 <swr_01_0011__en-us_topic_0112596104_en-us_topic_0075378957_li58001655123>` and access SWR.
 
 #. Log in to the SWR console.
 
@@ -31,7 +31,7 @@ Procedure
 
       **Figure 1** Obtaining the image pull command
 
-#. Run the **image pull** command obtained in :ref:`Step 5 <swr_01_0017__en-us_topic_0084266454_li197783469319>` on the VM.
+#. Run the **image pull** command obtained in :ref:`5 <swr_01_0017__en-us_topic_0084266454_li197783469319>` on the VM.
 
    Run the **docker images** command to check whether the images are successfully pulled.
 

umn/source/image_management/uploading_an_image_through_the_client.rst

@@ -36,7 +36,7 @@ Prerequisites
              ]
          }
 
-      To obtain the value of {*Intranet address*}, log in to the SWR console. On the **Dashboard** page, click **Generate Login Command** and obtain the private network address (IP:20202) in the private network command.
+      To obtain the value of {*Intranet address*}, log in to the SWR console. On the **Dashboard** page, click **Generate Login Command** and obtain the private network address in the private network command.
 
 
       .. figure:: /_static/images/en-us_image_0000001201043047.png

umn/source/index.rst

@@ -6,7 +6,8 @@ Software Repository for Containers - User Guide
    :maxdepth: 1
 
    service_overview/index
-   introduction
+   overview
+   permissions_management/index
    basics_of_the_container_engine
    image_management/index
    organization_management

umn/source/organization_management.rst

@@ -31,7 +31,7 @@ You can create organizations based on the organizational structure of your enter
 #. In the navigation pane on the left, choose **Organization Management** and click **Create Organization**. On the page displayed, specify **Organization Name** and click **OK**.
 
 
-   .. figure:: /_static/images/en-us_image_0000001200800369.png
+   .. figure:: /_static/images/en-us_image_0000001361665969.png
       :alt: **Figure 2** Creating an Organization
 
       **Figure 2** Creating an Organization

umn/source/overview.rst

@@ -2,8 +2,8 @@
 
 .. _swr_01_0009:
 
-Introduction
+Overview
-============
+========
 
 SoftWare Repository for Container (SWR) allows you to easily manage the full lifecycle of container images and facilitates secure deployment of images for your applications.
 

umn/source/permissions_management/creating_a_user_and_granting_swr_permissions.rst

@@ -0,0 +1,49 @@
+:original_name: swr_01_0072.html
+
+.. _swr_01_0072:
+
+Creating a User and Granting SWR Permissions
+============================================
+
+This section describes how to use `IAM <https://docs.otc.t-systems.com/identity-access-management/umn/service_overview/what_is_iam.html#iam-01-0026>`__ to implement fine-grained permission management for your SWR resources. With IAM, you can:
+
+-  Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SWR resources.
+-  Grant only the permissions required for users to perform a specific task.
+-  Entrust a cloud account or cloud service to perform efficient O&M on your SWR resources.
+
+If your account does not need individual IAM users, you may skip over this chapter.
+
+This section describes the procedure for granting permissions (see :ref:`Figure 1 <swr_01_0072__fig5293113815405>`).
+
+Prerequisite
+------------
+
+Learn about the permissions (see :ref:`Permissions Management <en-us_topic_0000001488156484>`) supported by SWR and choose policies or roles according to your requirements.
+
+Process Flow
+------------
+
+.. _swr_01_0072__fig5293113815405:
+
+.. figure:: /_static/images/en-us_image_0000001127297210.png
+   :alt: **Figure 1** Process for granting SWR permissions
+
+   **Figure 1** Process for granting SWR permissions
+
+#. .. _swr_01_0072__li8135822590:
+
+   `Create a user group and assign permissions <https://docs.otc.t-systems.com/identity-access-management/umn/getting_started/creating_a_user_group_and_assigning_permissions.html>`__.
+
+   Create a user group on the IAM console, and assign the **SWR Admin** policy to the group.
+
+#. `Create an IAM user and add the user to a user group <https://docs.otc.t-systems.com/identity-access-management/umn/getting_started/creating_a_user_and_adding_the_user_to_a_user_group.html>`__.
+
+   Create a user on the IAM console and add the user to the group created in :ref:`1 <swr_01_0072__li8135822590>`.
+
+#. `Log in <https://docs.otc.t-systems.com/identity-access-management/umn/getting_started/logging_in_as_a_user.html>`__ as the IAM user and verify the permissions.
+
+   Log in to the management console as the created user. Switch to the authorized region. Perform the following operations. If they can be successfully performed, the permissions are successfully granted.
+
+   a. Choose **Service List** > **Software Repository for Container**. The SWR console is displayed.
+   b. In the navigation pane on the left, choose **Organization Management**, click **Create Organization** in the upper right corner, and enter an organization name to create an organization.
+   c. In the navigation pane on the left, choose **My Images**, click **Upload Through SWR** in the upper right corner. Select the organization created in the previous step and a local image file. The image is successfully uploaded.

umn/source/permissions_management/index.rst

@@ -0,0 +1,14 @@
+:original_name: swr_01_0070.html
+
+.. _swr_01_0070:
+
+Permissions Management
+======================
+
+-  :ref:`Creating a User and Granting SWR Permissions <swr_01_0072>`
+
+.. toctree::
+   :maxdepth: 1
+   :hidden: 
+
+   creating_a_user_and_granting_swr_permissions

umn/source/service_overview/advantages.rst

@@ -20,5 +20,4 @@ Security and Reliability
 Image Acceleration
 ------------------
 
--  SWR uses the P2P image download acceleration technology to ensure faster image pull for CCE clusters in high concurrency scenarios.
+SWR uses the image pull acceleration technology to ensure faster image pull for CCE clusters in high concurrency scenarios.
--  Intelligent node scheduling around the globe ensures that your image build tasks can be automatically assigned to the idle nodes nearest to the image repository.

umn/source/service_overview/application_scenarios.rst

@@ -12,14 +12,14 @@ You can use SWR to build, push, pull, synchronize, and delete container images.
 
 **Advantages**
 
--  P2P download acceleration ensures faster image pull for CCE clusters.
+-  Pull acceleration ensures faster image pull for CCE clusters.
 -  Up to 99.999999999% image storage reliability is achieved by working with Object Storage Service (OBS).
 -  Fine-grained authorization allows you to control access to specific images and images in specific organizations.
 
-**Related Services**
+**Related service: Cloud Container Engine (CCE)**
 
-You can use SWR together with CCE in this scenario.
 
-|image1|
+.. figure:: /_static/images/en-us_image_0294353976.png
+   :alt: **Figure 1** SWR working with CCE
 
-.. |image1| image:: /_static/images/en-us_image_0294353976.png
+   **Figure 1** SWR working with CCE

umn/source/service_overview/index.rst

@@ -10,6 +10,7 @@ Service Overview
 -  :ref:`Application Scenarios <swr_03_0004>`
 -  :ref:`Basic Concepts <swr_03_0003>`
 -  :ref:`Notes and Constraints <swr_03_0007>`
+-  :ref:`Permissions <en-us_topic_0000001488156484>`
 -  :ref:`Related Services <swr_03_0006>`
 
 .. toctree::
@@ -21,4 +22,5 @@ Service Overview
    application_scenarios
    basic_concepts
    notes_and_constraints
+   permissions/index
    related_services

umn/source/service_overview/introduction.rst

@@ -26,9 +26,9 @@ Features
 
    Private image repository and fine-grained permission management allow you to grant different access permissions, namely, read, write, and edit, to different users.
 
--  **P2P acceleration of large scale image distribution**
+-  **Large scale image distribution acceleration**
 
-   SWR uses the image download acceleration technology to ensure faster image pull for CCE clusters in high concurrency scenarios.
+   SWR uses the image pull acceleration technology to ensure faster image pull for CCE clusters in high concurrency scenarios.
 
 Accessing SWR
 -------------

umn/source/service_overview/permissions/index.rst

@@ -0,0 +1,22 @@
+:original_name: en-us_topic_0000001488156484.html
+
+.. _en-us_topic_0000001488156484:
+
+Permissions
+===========
+
+If you need to assign different permissions to employees in your enterprise to access your SWR resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, enabling secure access to your cloud resources.
+
+With IAM, you can use your account to create IAM users, and assign permissions to the users to control their access to specific cloud resources. For example, some software developers in your enterprise need to use SWR resources but should not be allowed to delete the resources or perform any other high-risk operations. In this scenario, you can create IAM users for the software developers and grant them only the permissions required for using SWR resources.
+
+If your account does not require individual IAM users for permissions management, skip this section.
+
+IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see `IAM Service Overview <https://docs.otc.t-systems.com/identity-access-management/umn/service_overview/what_is_iam.html>`__.
+
+-  :ref:`SWR Permissions <en-us_topic_0000001488156664>`
+
+.. toctree::
+   :maxdepth: 1
+   :hidden: 
+
+   swr_permissions

umn/source/service_overview/permissions/swr_permissions.rst

@@ -0,0 +1,29 @@
+:original_name: en-us_topic_0000001488156664.html
+
+.. _en-us_topic_0000001488156664:
+
+SWR Permissions
+===============
+
+By default, new IAM users do not have any permissions granted. You need to add them to one or more groups and attach permissions policies or roles to these groups. In this way, the users can inherit permissions from the groups and perform operations on specific cloud resources.
+
+SWR is a project-level service deployed and accessed in specific physical regions. To assign AOM permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If **All projects** is selected, the permissions will take effect for the user group in all region-specific projects. When accessing SWR, the users need to switch to a Region where they have been authorized to use this service.
+
+.. table:: **Table 1** SWR permissions
+
+   +------------------------+----------------------------------------------------------------------------------------------+---------------------+
+   | Name                   | Description                                                                                  | Type                |
+   +========================+==============================================================================================+=====================+
+   | SWR Admin              | SWR administrator permissions, including all SWR permissions.                                | System-defined role |
+   +------------------------+----------------------------------------------------------------------------------------------+---------------------+
+   | Tenant Administrator   | Administrator permissions for all services except IAM, including all SWR permissions.        | System-defined role |
+   +------------------------+----------------------------------------------------------------------------------------------+---------------------+
+   | Tenant Guest           | Read-only permissions for all services except IAM, including permissions such as image pull. | System-defined role |
+   +------------------------+----------------------------------------------------------------------------------------------+---------------------+
+   | ServiceStage Developer | ServiceStage developer permissions, including permissions such as image pull.                | System-defined role |
+   +------------------------+----------------------------------------------------------------------------------------------+---------------------+
+
+.. note::
+
+   -  `Granting user permissions <https://docs.otc.t-systems.com/software-repository-container/umn/user_permissions.html>`__ enables you to grant different permissions, namely, read, write, and manage, to different users for them to access either a specific image or images of a specific organization.
+   -  In addition, SWR has the **SWR FullAccess**, **SWR OperateAccess**, and **SWR ReadOnlyAccess** permissions. However, the three are available only for SWR Enterprise Edition, which OBT has been suspended .

umn/source/user_permissions.rst

@@ -8,13 +8,13 @@ User Permissions
 Scenarios
 ---------
 
-To manage SWR permissions, you can use Identity and Access Management (IAM). If you have the SWR Admin or Tenant Administrator permission, you become an admin user of SWR. You can grant permissions to other IAM users in SWR.
+To manage SWR permissions, you can use Identity and Access Management (IAM). If you have the SWR Admin or Tenant Administrator permission, you become an admin user of SWR accounts. You can grant permissions to other IAM users in SWR.
 
-If you are not an SWR admin user, you can request an SWR admin user to grant you permissions to read, write, or manage a specific image or images in a specific organization.
+If you are not an SWR account admin user, you can request an SWR account admin user to grant you permissions to read, write, or manage a specific image or images in a specific organization.
 
 .. note::
 
-   -  An admin user is granted image management permission of all organizations by default, even if the user is not in the authorized user list of the organizations.
+   -  An SWR account admin user is granted image management permission of all organizations by default, even if the user is not in the authorized user list of the organizations.
    -  SWR is deployed and accessed in specific physical regions. To assign permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect.
 
 Authorization Method
@@ -65,7 +65,7 @@ Modifying or Deleting Permissions for a Specific Image
 You can also modify or delete user permissions on the image details page.
 
 -  To modify permissions, click **Modify** in the row of the desired username on the **Permissions** tab page. Select a permission in the **Permission** drop-down list, and click **Save** in the **Operation** column.
--  To delete permissions, click **Delete** in the row of the desired username on the **Permissions** tab page. In the dialog box displayed, enter **DELETE** and click **Yes**.
+-  To delete permissions, click **Delete** in the row of the desired username on the **Permissions** tab page, enter **DELETE** in the dialog box displayed, and then click **Yes**.
 
 .. _swr_01_0015__section950354645517: