How can I create an arbitrary group of users in GitLab?
For example, say we have 100 users overall, but we wish to have only a subset of those users assigned as codeowners for MR purposes, how can we group them together so that we don’t have to change every single repository when someone leaves/joins the team?
All the documentation I have found suggests that the only ‘Group’ feature is related to Projects (here), but I’m hoping that I’m just missing something, as this is a vert trivial thing todo in e.g. BitBucket or GitHub.
Unfortunately, there is no user grouping (separate from projects) in GitLab
Groups are related to projects, but also to users: you can add users to the group and give them certain permissions (which then apply to projects in that group and subgroups). You can also then add a group to another group with another set of permissions (which then apply to that group and subgroups).
This works fine as long as you have simple, clear Teams (so you can make 1 group per team) and then have multiple projects inside a team. But any more complex organization I find a bit hard to manage. I still hope GitLab implements a possibility for creating separate groups for users and their roles/permissions.
You could try making an empty group, and just add your users there (no projects). And then in MRs, normally you can select a group for approvals - there you should be able to select your group of users.
Thanks for your reply. It’s very disappointing that this functionality isn’t available, as it makes things incredibly difficult to manage in GitLab.
I’m going to give your suggestion about creating a group and assigning only users a try. This will be successful if it works as follows (which is possible in GitHub) -
We are able to assign the group as CODEOWNERS of a project.
We can select the group as reviewer of a Merge Request.
We can add the group to a protected branch to allow users in the group to approve deployments.
And it’s an instant fail. It seems that despite many questions and requests from users to prevent group/subgroup inheritance, it is not actually possible to do this. Therefore it is not possible to limit the users in the group to only those that should have CODEOWNER / reviewer / protected branch permissions.