How to limit users inherited roles to lesser role in a subgroup

mcd · August 17, 2023, 7:03pm

Hello!

I would like to use a subgroup to limit access to a certain subproject. As it stands right now, we can only create projects within our group, which “abc/zzz” lets say. Any project created within “abc/zzz” automatically gets the permission assigned to group “abc/zzz”.

So if I create “abc/zzz/yyy”, “yyy” inherits all the permissions from “abc/zzz”.

Even if I create a subgroup “abc/zzz/yyy”, I can’t edit the roles to limit access to a specified user or users.

Is there any way around this other than creating deleting the users from the inherited group and creating a bunch of subgroups and assigning the specific projects to them? My concern is things could get fouled up pretty quickly.

balonik · August 18, 2023, 9:07am

Hi @mcd

Currently there is no way how to disable or overwrite membership and role inheritance. It is a feature that was requested a lot of times in the past, but it’s still in development or evaluation.

Currently, the only solution is to design group/subgroups in a such a way users get access only to stuff they need.

mcd · August 18, 2023, 12:57pm

Hi @balonik ,

Thanks for the reply! Do you have any estimates of when this will be available? It doesn’t sound like it’s too far along, but I’m checking just in case it’s going to be in the next release or soemthing.

balonik · August 30, 2023, 6:58am

I have no idea. If you would need to ask GitLab support if you have a paid subscription.