Reputation: 11
Gitlab: Maintainer permissions when shared group with group not working as expected
I am running a gitlab-ce instance where we solve access level on group level by sharing groups with user groups. An example:
There is a group products with a couple of projects in there. No user is directly added as member to that group. There is another group called developers. Product developers are added to developers with maintainer access.
The group products is shared with developers with a maximum role of maintainer.
With that I would assume, that I can transfer a project that I am owner of to group products. However, the list of groups I can transfer my project to only contains groups where I am a direct member with the maintainer role.
TLDR:
- Group
productsis shared with groupdeveloperswith max role maintainer - User Bob is member of
developerswith the maintainer role - Bob is owner of project
bobs_project - Bob cannot transfer
bobs_projecttoproducts(but he could transfer it todevelopers)
From my understanding of the relevant documentation Bob should have the same rights in products as someone directly added as maintainer to products. However, that seems not to be the case.
Am I missing something?
Upvotes: 1
Views: 1656
Answers (1)
Reputation: 1328152
A few points from the documentation you reference might be relevant in your setup:
When transferring groups, note:
- You can only transfer groups to groups you manage.
- Only explicit group membership is transferred, not inherited membership. If the group’s owners have only inherited membership, this leaves the group without an owner. In this case, the user transferring the group becomes the group’s owner.
Here, Bob has inherited rights in products, not direct rights. That might explain why the group is not listed.
You can check and see that with GitLab 17.4 (September 2024), which comes with:
Improved source display for group and project members
We have simplified the display of the source column on the Members page for groups and projects.
- Direct members are still indicated as
Direct member.- Inherited members are now listed as
Inherited fromfollowed by the group name.- Members that were added by inviting a group to the group or project are listed as
Invited groupfollowed by the group name.For members that inherited from an invited group that was added to a parent group, we now display the last step to keep the display actionable for users managing membership.
See Documentation and Issue.
Upvotes: 0
Related Questions
- Gitlab.com: How to restrict/allow repositories view to specific users in a group?
- GITLAB : cannot create a Group using the API as root
- Gitlab: how to allow user to create project under a group namespace
- How do I add a maintainer as an owner of a project on Gitlab
- Gitlab: Can group maintainers access private group projects?
- GitLab: one group of people for all the projects in group
- GitLab Permissions
- GitLab CE - user permissions
- Managing access rights in GitLab group
- Changing group permission GitLab 7.2 CE