How to limit users inherited roles to lesser role in a subgroup


I would like to use a subgroup to limit access to a certain subproject. As it stands right now, we can only create projects within our group, which “abc/zzz” lets say. Any project created within “abc/zzz” automatically gets the permission assigned to group “abc/zzz”.

So if I create “abc/zzz/yyy”, “yyy” inherits all the permissions from “abc/zzz”.

Even if I create a subgroup “abc/zzz/yyy”, I can’t edit the roles to limit access to a specified user or users.

Is there any way around this other than creating deleting the users from the inherited group and creating a bunch of subgroups and assigning the specific projects to them? My concern is things could get fouled up pretty quickly.

Hi @mcd

Currently there is no way how to disable or overwrite membership and role inheritance. It is a feature that was requested a lot of times in the past, but it’s still in development or evaluation.

Currently, the only solution is to design group/subgroups in a such a way users get access only to stuff they need.

Hi @balonik ,

Thanks for the reply! Do you have any estimates of when this will be available? It doesn’t sound like it’s too far along, but I’m checking just in case it’s going to be in the next release or soemthing.

I have no idea. If you would need to ask GitLab support if you have a paid subscription.