docker access to the requested resource is not authorized
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
The Docker error saying access to the requested resource is not authorized usually appears during docker pull, docker push, or image builds that depend on a private base image. The message is generic, but the root cause is usually one of four things: wrong registry credentials, wrong repository name, missing permissions, or pointing at the wrong registry entirely.
Understand What Docker Is Trying to Reach
Before fixing credentials, verify the exact image reference. Docker image names encode registry, namespace, repository, and tag, and one typo can send the client to a different registry than you intended.
For example:
This is different from:
The second command defaults to Docker Hub, not your private registry. If the image only exists in the private registry, Docker Hub responds with an authorization or repository error that looks like a login problem even when the real issue is the image path.
Re-Authenticate Explicitly
If the image path is correct, refresh authentication first. Docker caches registry credentials locally, and stale tokens are a common cause of this error.
For Docker Hub, the login command is simply:
After logging in again, retry the exact pull or push command. If you use an access token instead of a password, make sure the token still exists and has the required scopes.
Verify Repository Permissions
Authentication and authorization are different. You may be logged in successfully but still lack permission to the repository.
Common examples:
- you can read public images but not private team images
- you can pull from a repository but not push to it
- your CI token can authenticate but is limited to one namespace
This matters especially in GitHub Container Registry, ECR, GitLab Container Registry, and self-hosted registries where repository-level permissions are separate from account login.
A quick sanity check is to try a repository you know you own. If that works but the target repository does not, the problem is likely access policy rather than Docker itself.
Watch for CI and Build Context Issues
This error often appears inside docker build when the Dockerfile uses a private base image.
In that case, the failure may not be about the final push. The builder cannot even fetch the base image. In CI, make sure the registry login happens before docker build, not only before docker push.
If you use BuildKit or a remote builder, confirm the builder environment also has access to the same credentials.
Registry-Specific Cases
Different registries produce similar messages for slightly different causes:
- Docker Hub may return this when the repository name is wrong or private.
- Amazon ECR requires a fresh login token from AWS CLI.
- GitHub Container Registry often requires a token with package read or write scope.
- Self-hosted registries may reject access because of TLS or proxy misconfiguration, which then looks like authorization failure.
For ECR, the login flow is different:

