Do not list projects for Reporter role

Is it possible to not list projects where the user is only Reporter?

We are using Group LDAP access control and the Reporter role to give all our users an initial read access role to all projects in that group.

Users should be able to check out the code, participate in discussions and merge requests, but they are otherwise not affiliated with the development of the project.

When listing “Your Projects” it will then list all the projects. VIewing the activities you then get drowned by activity events for projects you have nothing to do with.

We only want users affiliated with the project when they are either Maintainer or Developer.

We want to give everyone in our organization basic access to all repositories. They should be able to read, and participate in merge requests.

These users should not get hundreds of projects listed in their “Your Projects” list, they otherwise have no affiliation with.

I’m not sure if the Guest role would suffice for our purpose of basic read access and being able to participate in Merge Requests discussions.

Even being a Guest at Group or Project level would associate the projects to the user.

Seems I am able to access the group and project, even though I am not associated with them on any role.
Without any role on a project, the user can view, browse, search, and comment on MR.

Perhaps then I do not need to add all our company users to all groups to get them read access.

Private project: The project is accessible only by members of the project. Access must be granted explicitly to each user.
Internal project: The project can be accessed by any user who is logged in.

I guess I get access because am I am GitLab administrator.
In order for our users to have access and not be affiliated with the group or project, the group or project must be Internal.

If the Group is Internal, but the Project is Private. Would the user still have access, or does the project override the group visiblity?

Want I want here, is to all our LDAP users to have READ access to all groups and projects. They should be able to
Browse Repository
Download/Clone repository
Make comments.

Sounds like you need the minimal access:

it does some of the things you say, not listing the stuff they shouldn’t see, etc, until you assign a different permission level. Unfortunately, it’s only available in EE Premium subscription.

There are no other type of permission models available or to be able to create custom permissions like you are wanting to do.

whether it will appear in the future or not, time will tell.

We also need these users to have access to projects, not only groups.

Administrators can add members with a “minimal access” role to a parent group. Such users don’t automatically have access to projects and subgroups underneath. To support such access, administrators must explicitly add these “minimal access” users to the specific subgroups/projects.

Seems we also need to add these users to each projects. A lot of hassle.
We use LDAP access to give all users a group role automatically.

I did not need to add users to each projects at all.
When the projects are configured to be internal, then all logged in users can access them, even if they are not associated with them.

Users only then get the projects they are actually associated with under “Your projects”, but can still explore other projects, see the files, commits, merge requests and comment on changes.

1 Like