Why an external user with guest role cannot access an internal repo when it is granted to?

Hi!

Why an external user with guest role cannot access an internal repo when it is granted to?

Objective

I have a problem giving permissions in gitlab. I want to have externals users with guest (role) permissions to download one internal project.

The gitlab documentation says the following:

  1. Users with Guest role can download the project only if it is public or internal.
  2. Externals users can only access projects to which they are explicitly granted access, thus hiding all other internal or private ones from them. Access can be granted by adding the user as member to the project or group.

Environment

I have the next configuration in gitlab:

  • One user created as external user named userexternal.
  • One internal project named internalproject.
  • The internalproject has userexternal as member with the guest role.

Expected behaviour

userexternal can download (clone, etc) the internalproject because he has access granted.

Real behaviour

userexternal cannot download internalproject. The page returns a 403 error (forbidden access).

Cloning into 'internalproject'...
remote: You are not allowed to download code from this project.
fatal: unable to access 'https://userexternal:PASS@example.com/internalproject.git/': The requested URL returned error: 403
2 Likes

After some months…anyone?

Let’s try to bump it again.

I’m encountering this problem as well. Did you find a solution?

Edit: Bump your Guests to Reporters.

Let’s bump this thread again for getting some explanation from the GitLab devs.

Bump, as the current behaviour contradicts the permission documentation (External Guest should be able to access repository code of an internal repository)

same issue and same confusing docs

Same issue. Docs clearly state Guest should have access to pull and view repo.


(First column is ‘Guest’). Reference from Permissions and roles | GitLab.