| Feature | Viewer | Operator | Admin |
|---|---|---|---|
| Image Gallery | ✅ | ✅ | ✅ |
| Image Creator | RO | RW | RW |
| Actions | RO | RW | RW |
| Self-hosted Registry | ⛔ | ✅ | ✅ |
| User Management + SAML | ⛔ | ⛔ | RW |
| Token Management | RO | RW | RW |
| Helm Charts | ✅ | ✅ | ✅ |
| Activity Logs | ⛔ | ⛔ | ✅ |

- RO stands for Read-only
- RW stands for Read and Write

Highest role “wins”

If a SAML user belongs to multiple groups with competing roles, Minimus will assign the highest available role. The calculation is done at runtime. Assigning the highest role provides a clear and predictable method for resolving overlapping permissions. This approach prevents accidental loss of required access and avoids ambiguity. It also simplifies permission evaluation and makes access configurations easier for administrators and users to understand.

New group assignment

Group membership cannot reduce a user’s permissions. You can be confident that adding an existing SAML user to another group will not unintentionally reduce their role.

SAML user role

Typically, SAML user roles are managed via groups. However, you have the option to elevate a specific user’s role independently of any group.

Troubleshooting SAML user permissions

- In case of recent SAML changes, ask the user to log out then log back in. SAML changes only take effect when the user logs in.
- Make sure the group is correctly configured in the Minimus SAML form.
- Check for a SAML user role override in the users page.
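
The "highest role wins" rule and the per-user role override described above can be modelled for an access review. The following is an added example, not Minimus code: it resolves each user's effective role and lists users whose role above Viewer rests on a single group or override. The group names, user names and the treatment of an override as one more competing grant are assumptions.

```python
from enum import IntEnum

class Role(IntEnum):
    VIEWER = 1
    OPERATOR = 2
    ADMIN = 3

def effective_role(groups, group_roles, override=None):
    """Highest role wins. Returns (role, sources that grant that role)."""
    grants = [(group_roles[g], g) for g in groups if g in group_roles]
    if override is not None:
        # Assumption: a per-user override competes like one more grant.
        grants.append((override, "user-override"))
    if not grants:
        return None, []  # no mapped group and no override
    top = max(role for role, _ in grants)
    return top, sorted(src for role, src in grants if role == top)

def single_source_elevations(users, group_roles, overrides):
    """List (user, role, source, fallback) where one grant alone lifts the
    user above Viewer; fallback is the role left if that grant is removed."""
    findings = []
    for user, groups in sorted(users.items()):
        override = overrides.get(user)
        role, sources = effective_role(groups, group_roles, override)
        if role is None or role == Role.VIEWER or len(sources) != 1:
            continue
        src = sources[0]
        if src == "user-override":
            fallback, _ = effective_role(groups, group_roles)
        else:
            rest = [g for g in groups if g != src]
            fallback, _ = effective_role(rest, group_roles, override)
        findings.append((user, role, src, fallback))
    return findings

# Constructed sample data (hypothetical group and user names).
GROUP_ROLES = {"all-staff": Role.VIEWER, "release-eng": Role.OPERATOR,
               "platform-admins": Role.ADMIN}
USERS = {"alice": ["all-staff", "release-eng"],
         "bob": ["all-staff", "release-eng", "platform-admins"],
         "carol": ["all-staff"],
         "dave": ["contractors"]}  # group not mapped to any role
OVERRIDES = {"carol": Role.OPERATOR}

if __name__ == "__main__":
    for user, role, src, fallback in single_source_elevations(USERS, GROUP_ROLES, OVERRIDES):
        was = fallback.name if fallback else "no role"
        print(f"{user}: {role.name} via {src} only (otherwise {was})")
```

Because a higher grant always wins, the single source reported for each user is the membership or override to verify first when reviewing least privilege.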
