New setting: "Allow users with up to Guest role to create groups and personal projects"


Using GitLab 16.8.1:

can anyone explain what the new setting “Allow users with up to Guest role to create groups and personal projects” in “Settings”->“General”->“Account and Limit” → “User Restrictions” does? I was shocked at first and thought this would allow “external” users with a “guest” role in a project to actually create new projects and groups, but it doesn’t. So what does it exactly do? Usally all our users (which are not “external”) can create groups and projects. If I uncheck the option, some users (mainly freshly created) cannot create groups or projects. I don’t understand what the option does and why it has been implemented. Can’t find any hints in the GitLab docs as well. Thanks for the help.

There is the answer to your question. You uncheck the option, and some internal users then cannot create groups. In which case, you would need to assign other options in Gitlab configuration to allow specific users to create groups with higher privileges than “Guest”. Even internal users can be given the guest role. The next role up is “reporter”.

Info here for roles: Permissions and roles | GitLab

Thank you very much.

But I have so further questions regarding projects in this context:
How/where do I give Reporter+ the right to create projects?
If I understand correctly, GitLab introduced a new role-based right for creating projects/groups? Was that already possible before? What else is the button for?
Above all: guest/reporter/… are rather group/project-based roles? How does this work with private projects?

Thanks again :slight_smile:

Guest/Reporter/Developer/Maintainer/Owner can be set at group level, and also at project level. It depends how you want to configure it. One our instance, I assigned at group level purely because any new project I added to this group, I wanted that particular set of people to automatically have access to any project created within that group. It then saves me from having to give people access all the time manually.

TBH not sure what the extra option is for. I have it disabled because I don’t want any type of guest access. For me it doesn’t really offer any benefits, but for other people they might like it.