Block user from creating group and project

jroberto1987 · July 22, 2019, 7:37am

Dear good afternoon
I have gitlab 11.7 installed in my environment authenticating in Active Directory, however, when users log in they have the power to create projects and groups, how do I lock this automatically?

alxlve · July 26, 2019, 1:23pm

To avoid new users to be able to create groups make sure the value of the following option is set to false:

gitlab_rails['gitlab_default_can_create_group'] = false

in the GitLab configuration file (/etc/gitlab/gitlab.rb for an Omnibus installation).

For an existing user you need to go to its profile page: <gitlab_url>/admin/users/<username>/edit and untick the Can create group option.
You need to repeat the operation for each user.

To avoid new users to be able to create projects make sure the value of the option Default projects limit in Admin Area > Settings > Account and limit is set to 0. You can directly access the page with this URL: <gitlab_url>/admin/application_settings.

For an existing user you need to go to its profile page: <gitlab_url>/admin/users/<username>/edit and set the Projects limit option to 0.
You need to repeat the operation for each user.

All GUI operations have to be performed logged in with an administrator account.

alxlve · July 26, 2019, 1:36pm

I hope I helped you.

jroberto1987 · September 8, 2020, 3:50pm

Thanks for the answer.

jfernandz · October 31, 2023, 8:40am

Hi guys, is this just for EE? … I’ve tried it in my docker-compose.yml but my AD users have still group creation enabled after their first login

iwalker · October 31, 2023, 12:16pm

This looks to be deprecated: Remove 'gitlab_default_can_create_group' setting (!6819) · Merge requests · GitLab.org / omnibus-gitlab · GitLab I used to use it in /etc/gitlab/gitlab.rb on gitlab-ce so was possible at some point.

I believe the correct way is go into Admin → General → Account and limit

User restrictions
Uncheck “Allow new users to create top-level groups”
Click save

You may wish to check existing users in the system individually to see if that option is enabled for them, or automatically globally disabled across all users. Since it may be possible to override it on a per-user basis.

Terminator100500 · November 29, 2023, 9:17am

Hi, maybe you can help and me? How can i avoid SSO users to create projects groups and other? They basically got developer permissions and can create, but i want to block this operation …