The repository docker-login is needed to allow users the ability to login. The login is only required once and will provide a token that identifies the particular user that logged in. This token will then be supplied regardless of the repository the user is pushing or pulling from. These pull/push requests will follow the permissions the user has to those particular repositories and not to the repository docker-login, so permissions will work as expected.