Ensuring the right access when a user is part of multiple AD groups

I am looking to see if something is possible with GitLab and LDAP sync.

Let’s say we have this situation:

  • groupA in AD
    • has User1
    • has User2
  • groupB in AD
    • has User1

And:

  • groupA is given Reporter access
  • groupB is given Owner access

Right now User1 will only have Reporter access.

I am trying to figure out how to make it so User1 gets Owner access.

Right now GitLab defaults to the lowest access when a user is a part of multiple groups. I want GitLab to default to the highest access when a user is a part of multiple groups.

You can try to override the user’s permissions; see Groups | GitLab

Only an administrator can do that. That won’t work. Our organization uses GitLab. We have a huge user space. We don’t want administrators to have to do things.

The LDAP sync works. We just want a way to make GL default to the highest level of access. This is how it should be. This is how every single other application/product works.