Gitlab.com: How to restrict/allow repositories view to specific users in a group?

I’m the creator and owner of a Gitlab.com private group containing several repositories/projects.

I don’t want ALL the users to see ALL the repositories of the group, whatever the role.

I might add a user temporarily just for a single project. Another user can be Guest/Reporter for the whole group and Owner/Developer for only few repositories.

Thus, creating a subgroup isn’t a solution or I’ll need to create multiple mirrors in each group just to manage the permission for each individual user.

It seems unbelievable that this isn’t possible out-of-the-box.

At least:

  • Why can’t I remove a user of a group for a specific project in that group?
  • Why can’t I add a user to a specific group’s project?

How do companies handle all those permissions on Gitlab.com?!

For example an intern, we want him to be able to be Developer for a specific project, hide repositories to him and view some of them.

1 Like

@alexis Welcome to the forum! Just wanted to let you know I’m working on finding some resources from our team to help you here beyond our permissions docs.

Either myself or another GitLab expert will comment back soon!

1 Like

Another user can be Guest/Reporter for the whole group and Owner/Developer for only few repositories.

@alexis, I don’t think that’s currently possible. Access is inherited and flows down the hierarchy. If a user is added to a group, their access level cannot be downgraded in a subgroup or project.

What are you trying to achieve that requires a lower access level on the project level?

Why can’t I add a user to a specific group’s project?

That’s actually possible, please see https://docs.gitlab.com/ee/user/project/members/#add-a-user.

How do companies handle all those permissions on Gitlab.com?!

Subgroups in combination with group and project sharing are used extensively for team management. Pretty complex scenarios can be modeled with this. Unfortunately, it does not address your uses-case, which would require downgrading access.

Making the permission system more fine-grained is on the roadmap, you might be interested in https://gitlab.com/groups/gitlab-org/-/epics/4035.

2 Likes

@ifarkas Thank you for your answer.

For example an intern or someone that isn’t supposed to see/comment/commit a repository for security reason. Someone who will leave the company soon. There are lots of reasons why we don’t want a group member to see specific repositories.

https://docs.gitlab.com/ee/user/project/members/#add-a-user

Prevent sharing a project within *** with other groups” in Settings of my group was disabled. That is the reason why I couldn’t add anybody even as an owner.

Thanks again, I’m looking forward seeing that system in place in gitlab.com.