How to setup user to audit all projects' settings (approval rules)?

guerda · July 17, 2025, 1:28pm

Problem to solve

I would like to setup a user, with which I can audit all projects, especially the merge request approval settings via the api.

I added a user to a couple of groups as maintainer and then the user is able to call /api/v4/projects/123/approval_rules.

As I don’t want to setup the user in all projects, I wanted to create an audit user which has read access to all projects and let them run the script.

Unfortunately, no matter which scopes I grant to the token, I’m getting 403 in the call above.
Also in the UI, the settings are not available.

This makes the audit user quite powerless, if settings cannot be read.

Steps to reproduce

Setup a user of type Audit user.
Login with the user
check a project
Try to access the settings.
Optional: try curl --header "PRIVATE-TOKEN XXXXXXX" --url "https://example.com/api/v4/projects/1234/approval_rules"

Versions

GitLab v17.11.4-ee

Self-managed
GitLab.com SaaS
Dedicated

Topic		Replies	Views
Projects default settings through REST API How to Use GitLab api	5	1750	November 30, 2020
Restrict/audit admin access to a repo Self-managed	5	1118	September 5, 2023
How to get the permissions for every gitlab user in every project via gitlab api or any other way? How to Use GitLab api , permissions , gitlab-pages	0	1531	January 4, 2022
List out GitLab Licensed user and projects they have access too How to Use GitLab api	3	3948	January 6, 2022
/application/settings api always returns 403 How to Use GitLab api	4	4717	November 20, 2019

How to setup user to audit all projects' settings (approval rules)?

Problem to solve

Steps to reproduce

Versions

Related topics