Skip to content

Groups

Groups represent teams or departments. They provide a shared namespace for storage access and can be added as members to multiple projects.

Access: All users can belong to groups. Group creation is typically done by admins; users can request a group via Requests.

Group Membership Model

graph LR
    GroupAdmin["Group Admin\n(manages members\n& permissions)"]
    GroupMember["Group Member\n(access to group storage\n& projects)"]
    Group["Group"]

    GroupAdmin -->|manages| Group
    Group -->|includes| GroupMember
    Group -->|can be member of| Project["Projects"]
    Group -->|owns| GroupStorage["Group Storage PVCs"]

Groups List Page

Groups list page Figure 1: Groups list showing group cards with member count, storage information, and policy badges.

Each group card shows: - Group name and description - Number of members - Associated storage PVCs - Storage Policy and Registry Policy badges — assigned by an admin to control which storage classes are available when provisioning a new group PVC and which Harbor namespace receives the group's image builds - Actions: View, Edit (admin only), Delete (admin only)

View a Group

Click any group card to open its detail page. The detail page shows:

  1. Members tab — all group members with their roles
  2. Storage tab — PVCs owned by this group and their permission settings

Join a Group

Group membership is managed by group admins or platform admins. To join a group:

  1. Submit a request via Requests — select type Access Request.
  2. Describe which group you need access to and why.
  3. A group admin or platform admin will review and add you.

Add Members to a Group

Requires Group Admin role.

  1. Open the group and click + Add Members (top-right of Members tab).
  2. Search for users by username or email.
  3. Select users from the results list.
  4. Click Add to confirm.

The results table only shows users who are not already members of the group. Search and pagination are calculated by the backend against that addable-user set, so moving between pages will not show already-added members or blank pages caused by client-side filtering.

Add members to group Figure 2: Add members dialog with user search and selection.

Storage Permission Inheritance

Group storage permissions cascade to projects in a dual-path model:

flowchart TD
    GroupAdmin["Group Admin\nsets permissions on group PVC"] -->|batch operation| GroupPVC["Group PVC\npermissions (source of truth)"]
    GroupPVC -->|inherited, read-only rows| ProjectStoragePage["Project Storage Page\n(group member rows)"]
    ProjectAdmin["Project Admin\nmanages non-group members"] -->|direct management| DirectRows["Project PVC permissions\n(non-group members only)"]
    DirectRows --> ProjectStoragePage

Key rule: If you are a group member, your storage permissions on a project-bound PVC are always determined by the group — they cannot be overridden at the project level. The project storage page shows your inherited row as read-only with an info badge linking to the group permissions page.

Common Questions

I can see a group but can't add members.

Adding members requires Group Admin role. If you need to manage group membership, ask your current group admin or platform admin to elevate your role.

Why are my storage permissions greyed out on the project page?

You are a group member of the group that owns this storage. Your permissions are managed at the group level. Navigate to the group's Storage tab to see your effective permissions.

How do I leave a group?

Contact your group admin or platform admin to remove you from the group. Self-removal is not currently supported.