Ensuring the right access when a user is part of multiple AD groups

I am looking to see if something is possible with GitLab and LDAP sync.

Let’s say we have this situation:

  • groupA in AD
    • has User1
    • has User2
  • groupB in AD
    • has User1


  • groupA is given Reporter access
  • groupB is given Owner access

Right now User1 will only have Reporter access.

I am trying to figure out how to make it so User1 gets Owner access.

Right now GitLab defaults to the lowest access when a user is a part of multiple groups. I want GitLab to default to the highest access when a user is a part of multiple groups.

You can try to override user’s permissions, see Groups | GitLab

Only an administrator can do that. That won’t work. Our organization uses GitLab. We have a huge user space. We don’t want administrators to have to do things.

The LDAP sync works. We just want a way to make GL default to the highest level of access. This is how it should be. This is how every single other application/product work.