Ensuring the right access when a user is part of multiple AD groups

imthenachoman · August 24, 2021, 3:31pm

I am looking to see if something is possible with GitLab and LDAP sync.

Let’s say we have this situation:

groupA in AD
- has User1
- has User2
groupB in AD
- has User1

And:

groupA is given Reporter access
groupB is given Owner access

Right now User1 will only have Reporter access.

I am trying to figure out how to make it so User1 gets Owner access.

Right now GitLab defaults to the lowest access when a user is a part of multiple groups. I want GitLab to default to the highest access when a user is a part of multiple groups.

balonik · August 25, 2021, 10:18am

You can try to override user’s permissions, see Groups | GitLab

imthenachoman · August 25, 2021, 3:04pm

Only an administrator can do that. That won’t work. Our organization uses GitLab. We have a huge user space. We don’t want administrators to have to do things.

The LDAP sync works. We just want a way to make GL default to the highest level of access. This is how it should be. This is how every single other application/product work.

Topic		Replies	Views
GitLab user's permission when a direct member and in shared group Self-managed ldap	0	555	January 17, 2023
Gitlab Project Level roles (Master,Developer,Owner etc) definitions using LDAP groups or (Integration of LDAP with Gitlab to define project level access) Self-managed ldap	1	734	October 24, 2018
What will adding LDAP config "user_filter" to a gitlab installation where ldap sync has been running for years do? How to Use GitLab ldap	0	930	August 15, 2019
Difficulties with LDAP group syncing Self-managed ldap	5	2899	April 13, 2020
Gilab EE Active Directory Group synchronization How to Use GitLab	0	587	March 29, 2020

Ensuring the right access when a user is part of multiple AD groups

Related topics