Skip to content
代码片段 群组 项目
未验证 提交 c32cfa2b 编辑于 作者: Marcin Sedlak-Jakubowski's avatar Marcin Sedlak-Jakubowski 提交者: GitLab
浏览文件

Merge branch 'rlehmann1-update-permission-order' into 'master' 

Add table ordering rules to permissions.md

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/167236



Merged-by: default avatarMarcin Sedlak-Jakubowski <msedlakjakubowski@gitlab.com>
Approved-by: default avatarMarcin Sedlak-Jakubowski <msedlakjakubowski@gitlab.com>
Reviewed-by: default avatarMarcin Sedlak-Jakubowski <msedlakjakubowski@gitlab.com>
Co-authored-by: default avatarRyan <rlehmann@gitlab.com>
上级 ca222f0b 1c17adbd
No related branches found
No related tags found
无相关合并请求
隐藏空白变更内容
行内 左右并排
显示
178 个添加152 个删除
doc/user/permissions.md
+ 178
152
浏览文件 @ c32cfa2b
......@@ -18,6 +18,16 @@ project itself, the higher role is used.
GitLab [administrators](../administration/index.md) have all permissions.
<!-- Keep these tables sorted according the following rules in order:
1. By minimum role.
2. By the object being accessed (for example, issue, security dashboard, or pipeline)
3. By the action: view, create, change, edit, manage, run, delete, all others
4. Alphabetically.
List only one action (for example, view, create, or delete) per line.
It's okay to list multiple related objects per line (for example, "View pipelines and pipeline details").
-->
## Roles
You can assign users a default role or a [custom role](custom_roles.md).
......@@ -54,41 +64,44 @@ Personal [namespace](namespace/index.md) owners:
For more information about how to manage project members, see
[members of a project](project/members/index.md).
The following tables list project permissions available for each role.
The following tables list the project permissions available for each role.
### Analytics
Project permissions for [analytics](../user/analytics/index.md) features including value streams, usage trends, product analytics, and insights.
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|----------------------------------------------------------------------------------------------------------------------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| View [issue analytics](group/issues_analytics/index.md) | | | | | | |
| View [value stream analytics](group/value_stream_analytics/index.md) | | | | | | |
| View [Value Streams Dashboard & AI Impact analytics](analytics/value_streams_dashboard.md) | | ✓ | ✓ | | | |
| View [DORA metrics](analytics/ci_cd_analytics.md) | | ✓ | | ✓ | | |
| View [CI/CD analytics](analytics/ci_cd_analytics.md) | | ✓ | ✓ | ✓ | | |
| View [code review analytics](analytics/code_review_analytics.md) | | ✓ | ✓ | | | |
| View [merge request analytics](analytics/merge_request_analytics.md) | | | ✓ | | ✓ | |
| View [repository analytics](analytics/repository_analytics.md) | | ✓ | ✓ | ✓ | | |
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
| ------------------------------------------------------------------------------------------ | :---: | :------: | :-------: | :--------: | :---: | ----- |
| View [issue analytics](group/issues_analytics/index.md) | | | | | | |
| View [value stream analytics](group/value_stream_analytics/index.md) | | | | | | |
| View [CI/CD analytics](analytics/ci_cd_analytics.md) | | | | ✓ | | |
| View [code review analytics](analytics/code_review_analytics.md) | | | | | | |
| View [DORA metrics](analytics/ci_cd_analytics.md) | | | ✓ | ✓ | ✓ | |
| View [merge request analytics](analytics/merge_request_analytics.md) | | | | ✓ | | |
| View [repository analytics](analytics/repository_analytics.md) | | | ✓ | | | |
| View [Value Streams Dashboard & AI Impact analytics](analytics/value_streams_dashboard.md) | | | ✓ | ✓ | ✓ | |
### Application security
Project permissions for [application security](application_security/secure_your_application.md) features including dependency management, security analyzers, security policies, and vulnerability management.
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|------------------------------------------------------------------------------------------------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| View licenses in [dependency list](application_security/dependency_list/index.md) | | | ✓ | ✓ | ✓ | |
| View [dependency list](application_security/dependency_list/index.md) | | | ✓ | ✓ | ✓ | |
| View [vulnerability report](application_security/vulnerability_report/index.md) | | | ✓ | ✓ | ✓ | |
| View [security dashboard](application_security/security_dashboard/index.md) | | | ✓ | ✓ | ✓ | |
| [Create issue](application_security/vulnerabilities/index.md#create-a-gitlab-issue-for-a-vulnerability) from vulnerability finding | | | ✓ | ✓ | ✓ | |
| Manually [create a vulnerability](application_security/vulnerability_report/index.md#manually-add-a-vulnerability) | | | ✓ | ✓ | ✓ | |
| Create and run [on-demand DAST scans](application_security/dast/on-demand_scan.md) | | | ✓ | ✓ | ✓ | |
| Create, edit, delete [individual security policies](application_security/policies/index.md) | | | ✓ | ✓ | ✓ | |
| Create a [CVE ID Request](application_security/cve_id_request.md) | | | | ✓ | ✓ | |
| Change vulnerability status | | | | ✓ | ✓ | The `admin_vulnerability` permission was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/412693) from the Developer role in GitLab 17.0. |
| Create or assign [security policy project](application_security/policies/index.md) | | | | | ✓ | |
| Manage [security configurations](application_security/configuration/index.md) | | | | | ✓ | |
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|-------------------------------------------------------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| View [dependency list](application_security/dependency_list/index.md) | | | ✓ | ✓ | ✓ | |
| View licenses in [dependency list](application_security/dependency_list/index.md) | | | ✓ | ✓ | ✓ | |
| View [security dashboard](application_security/security_dashboard/index.md) | | | ✓ | ✓ | ✓ | |
| View [vulnerability report](application_security/vulnerability_report/index.md) | | | ✓ | ✓ | ✓ | |
| Create [vulnerability manually](application_security/vulnerability_report/index.md#manually-add-a-vulnerability) | | | ✓ | ✓ | ✓ | |
| Create [issue](application_security/vulnerabilities/index.md#create-a-gitlab-issue-for-a-vulnerability) from vulnerability finding | | | ✓ | ✓ | ✓ | |
| Create [on-demand DAST scans](application_security/dast/on-demand_scan.md) | | | ✓ | ✓ | ✓ | |
| Run [on-demand DAST scans](application_security/dast/on-demand_scan.md) | | | ✓ | ✓ | ✓ | |
| Create [individual security policies](application_security/policies/index.md) | | | ✓ | ✓ | ✓ | |
| Change [individual security policies](application_security/policies/index.md) | | | ✓ | ✓ | ✓ | |
| Delete [individual security policies](application_security/policies/index.md) | | | ✓ | ✓ | ✓ | |
| Create [CVE ID request](application_security/cve_id_request.md) | | | | ✓ | ✓ | |
| Change vulnerability status | | | | ✓ | ✓ | The `admin_vulnerability` permission was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/412693) from the Developer role in GitLab 17.0. |
| Create or assign [security policy project](application_security/policies/index.md) | | | | | ✓ | |
| Manage [security configurations](application_security/configuration/index.md) | | | | | ✓ | |
### CI/CD
......@@ -101,42 +114,44 @@ Project permissions for [application security](application_security/secure_your_
Project Owners can perform any listed action, and can delete pipelines:
| Action | Non-member | Guest | Reporter | Developer | Maintainer | Notes |
|--------------------------------------------------------------------------------------------------------------------------------|:----------:|:-----:|:--------:|:---------:|:----------:|-------|
| See that artifacts exist | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members and guests: Only if the project is public. |
| View a list of jobs | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members: Only if the project is public and **Public pipelines** is enabled in **Project Settings > CI/CD**.<br>Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD**. |
| View and download artifacts | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members: Only if the project is public, **Public pipelines** is enabled in **Project Settings > CI/CD**, and [`artifacts:public: false`](../ci/yaml/index.md#artifactspublic) is not set on the job.<br>Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD** and `artifacts:public: false` is not set on the job.<br>Reporters: Only if `artifacts:public: false` is not set on the job. |
| View [environments](../ci/environments/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members and guests: Only if the project is public. |
| View job logs and job details page | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members: Only if the project is public and **Public pipelines** is enabled in **Project Settings > CI/CD**.<br>Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD**. |
| View pipelines and pipeline details pages | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members: Only if the project is public and **Public pipelines** is enabled in **Project Settings > CI/CD**.<br>Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD**. |
| View pipelines tab in MR | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members and guests: Only if the project is public. |
| [View vulnerabilities in a pipeline](application_security/vulnerability_report/pipeline.md#view-vulnerabilities-in-a-pipeline) | | ✓ | ✓ | ✓ | ✓ | Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD**. |
| Run deployment job for a protected environment | | | ✓ | ✓ | ✓ | Reporters: Only if the user is [part of a group with access to the protected environment](../ci/environments/protected_environments.md#deployment-only-access-to-protected-environments).<br>Developers and maintainers: Only if the user is [allowed to deploy to the protected branch](../ci/environments/protected_environments.md#protecting-environments). |
| View and download project [Secure Files](../api/secure_files.md) | | | | ✓ | ✓ | |
| Retry jobs | | | | ✓ | ✓ | |
| Cancel jobs | | | | ✓ | ✓ | Cancellation permissions can be [restricted in the pipeline settings](../ci/pipelines/settings.md#restrict-roles-that-can-cancel-pipelines-or-jobs). |
| Create new [environments](../ci/environments/index.md) | | | | ✓ | ✓ | |
| Enable [review apps](../ci/review_apps/index.md) | | | | ✓ | ✓ | |
| Delete job logs or job artifacts | | | | ✓ | ✓ | Developers: Only if the job was triggered by the user and runs for a non-protected branch. |
| Run CI/CD pipeline | | | | ✓ | ✓ | |
| Run CI/CD job | | | | ✓ | ✓ | |
| Run CI/CD pipeline for a protected branch | | | | ✓ | ✓ | Developers and maintainers: Only if the user is [allowed to merge or push to the protected branch](../ci/pipelines/index.md#pipeline-security-on-protected-branches). |
| Stop [environments](../ci/environments/index.md) | | | | ✓ | ✓ | |
| Delete [environments](../ci/environments/index.md) | | | | ✓ | ✓ | |
| Action | Non-member | Guest | Reporter | Developer | Maintainer | Notes |
|------------------------------------------------------------------|:----------:|:-----:|:--------:|:---------:|:----------:|-------|
| View existing artifacts | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members and guests: Only if the project is public. |
| View list of jobs | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members: Only if the project is public and **Public pipelines** is enabled in **Project Settings > CI/CD**.<br>Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD**. |
| View artifacts | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members: Only if the project is public, **Public pipelines** is enabled in **Project Settings > CI/CD**, and [`artifacts:public: false`](../ci/yaml/index.md#artifactspublic) is not set on the job.<br>Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD** and `artifacts:public: false` is not set on the job.<br>Reporters: Only if `artifacts:public: false` is not set on the job. |
| Download artifacts | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members: Only if the project is public, **Public pipelines** is enabled in **Project Settings > CI/CD**, and [`artifacts:public: false`](../ci/yaml/index.md#artifactspublic) is not set on the job.<br>Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD** and `artifacts:public: false` is not set on the job.<br>Reporters: Only if `artifacts:public: false` is not set on the job. |
| View [environments](../ci/environments/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members and guests: Only if the project is public. |
| View job logs and job details page | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members: Only if the project is public and **Public pipelines** is enabled in **Project Settings > CI/CD**.<br>Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD**. |
| View pipelines and pipeline details pages | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members: Only if the project is public and **Public pipelines** is enabled in **Project Settings > CI/CD**.<br>Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD**. |
| View pipelines tab in MR | ✓ | ✓ | ✓ | ✓ | ✓ | Non-members and guests: Only if the project is public. |
| View [vulnerabilities in a pipeline](application_security/vulnerability_report/pipeline.md#view-vulnerabilities-in-a-pipeline) | | ✓ | ✓ | ✓ | ✓ | Guests: Only if **Public pipelines** is enabled in **Project Settings > CI/CD**. |
| Run deployment job for a protected environment | | | ✓ | ✓ | ✓ | Reporters: Only if the user is [part of a group with access to the protected environment](../ci/environments/protected_environments.md#deployment-only-access-to-protected-environments).<br>Developers and maintainers: Only if the user is [allowed to deploy to the protected branch](../ci/environments/protected_environments.md#protecting-environments). |
| View [agents for Kubernetes](clusters/agent/index.md) | | | | ✓ | ✓ | |
| View project [Secure Files](../api/secure_files.md) | | | | ✓ | ✓ | |
| Download project [Secure Files](../api/secure_files.md) | | | | ✓ | ✓ | |
| View a job with [debug logging](../ci/variables/index.md#enable-debug-logging) | | | | ✓ | ✓ | |
| Use pipeline editor | | | | ✓ | ✓ | |
| Create [environments](../ci/environments/index.md) | | | | ✓ | ✓ | |
| Delete [environments](../ci/environments/index.md) | | | | ✓ | ✓ | |
| Stop [environments](../ci/environments/index.md) | | | | ✓ | ✓ | |
| Run CI/CD pipeline | | | | ✓ | ✓ | |
| Run CI/CD pipeline for a protected branch | | | | ✓ | ✓ | Developers and maintainers: Only if the user is [allowed to merge or push to the protected branch](../ci/pipelines/index.md#pipeline-security-on-protected-branches). |
| Run CI/CD job | | | | ✓ | ✓ | |
| Delete job logs or job artifacts | | | | ✓ | ✓ | Developers: Only if the job was triggered by the user and runs for a non-protected branch. |
| Enable [review apps](../ci/review_apps/index.md) | | | | ✓ | ✓ | |
| Cancel jobs | | | | ✓ | ✓ | Cancellation permissions can be [restricted in the pipeline settings](../ci/pipelines/settings.md#restrict-roles-that-can-cancel-pipelines-or-jobs). |
| Retry jobs | | | | ✓ | ✓ | |
| Read [Terraform](infrastructure/index.md) state | | | | ✓ | ✓ | |
| Run [interactive web terminals](../ci/interactive_web_terminal/index.md) | | | | ✓ | ✓ | |
| Add project runners to project | | | | | ✓ | |
| Clear runner caches manually | | | | | ✓ | |
| Enable instance runners in project | | | | | ✓ | |
| Manage CI/CD settings | | | | | ✓ | |
| Manage job triggers | | | | | ✓ | |
| Manage project CI/CD variables | | | | | ✓ | |
| Manage project [Secure Files](../api/secure_files.md) | | | | | ✓ | |
| View [agents for Kubernetes](clusters/agent/index.md) | | | | ✓ | ✓ | |
| Manage [agents for Kubernetes](clusters/agent/index.md) | | | | | ✓ | |
| Read [Terraform](infrastructure/index.md) state | | | | ✓ | ✓ | |
| Manage [Terraform](infrastructure/index.md) state | | | | | ✓ | |
| Use pipeline editor | | | | ✓ | ✓ | |
| Manage [agents for Kubernetes](clusters/agent/index.md) | | | | | ✓ | |
| Manage CI/CD settings | | | | | ✓ | |
| Manage job triggers | | | | | ✓ | |
| Manage project CI/CD variables | | | | | ✓ | |
| Manage project [Secure Files](../api/secure_files.md) | | | | | ✓ | |
| Manage [Terraform](infrastructure/index.md) state | | | | | ✓ | |
| Add project runners to project | | | | | ✓ | |
| Clear runner caches manually | | | | | ✓ | |
| Enable instance runners in project | | | | | ✓ | |
This table shows granted privileges for jobs triggered by specific roles.
......@@ -170,12 +185,16 @@ Project permissions for [compliance](compliance/index.md) features including com
Project permissions for [model registry](project/ml/model_registry/index.md) and [model experiments](project/ml/experiment_tracking/index.md).
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|---------------------------------------------------------------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| View [models and versions](project/ml/model_registry/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Create, edit, and delete models, versions, and artifacts | | | ✓ | ✓ | ✓ | |
| View [model experiments](project/ml/experiment_tracking/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Create, edit, and delete experiments, candidates etc | | | ✓ | ✓ | ✓ | |
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
| ----------------------------------------------------------------- | :---: | :------: | :-------: | :--------: | :---: | ----- |
| View [models and versions](project/ml/model_registry/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| View [model experiments](project/ml/experiment_tracking/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Create models, versions, and artifacts | | | ✓ | ✓ | ✓ | |
| Edit models, versions, and artifacts | | | ✓ | ✓ | ✓ | |
| Delete models, versions, and artifacts | | | ✓ | ✓ | ✓ | |
| Create experiments and candidates | | | ✓ | ✓ | ✓ | |
| Edit experiments and candidates | | | ✓ | ✓ | ✓ | |
| Delete experiments and candidates | | | ✓ | ✓ | ✓ | |
### Monitoring
......@@ -183,21 +202,21 @@ Project permissions for monitoring including [error tracking](../operations/erro
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|---------------------------------------------------------------------------------------------------------------------|-:-:---|-:-:------|-:-:-------|-:-:--------|-:-:---|-------|
| View [error tracking](../operations/error_tracking.md) list | | ✓ | ✓ | ✓ | ✓ | |
| Manage [error tracking](../operations/error_tracking.md) | | | | ✓ | ✓ | |
| Assign an [incident management](../operations/incident_management/index.md) alert | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Participate in on-call rotation [Incident Management](../operations/incident_management/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View an [incident](../operations/incident_management/incidents.md) | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Change [alert status](../operations/incident_management/alerts.md#change-an-alerts-status) | | ✓ | ✓ | ✓ | ✓ | |
| Change [incident severity](../operations/incident_management/manage_incidents.md#change-severity) | | ✓ | ✓ | ✓ | ✓ | |
| Create [incident](../operations/incident_management/incidents.md) | | ✓ | ✓ | ✓ | ✓ | |
| Assign an [incident management](../operations/incident_management/index.md) alert | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Participate in on-call rotation for [Incident Management](../operations/incident_management/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [alerts](../operations/incident_management/alerts.md) | | ✓ | ✓ | ✓ | ✓ | |
| View [error tracking](../operations/error_tracking.md) list | | ✓ | ✓ | ✓ | ✓ | |
| View [escalation policies](../operations/incident_management/escalation_policies.md) | | ✓ | ✓ | ✓ | ✓ | |
| View [on-call schedules](../operations/incident_management/oncall_schedules.md) | | ✓ | ✓ | ✓ | ✓ | |
| Create [incident](../operations/incident_management/incidents.md) | | ✓ | ✓ | ✓ | ✓ | |
| Change [alert status](../operations/incident_management/alerts.md#change-an-alerts-status) | | ✓ | ✓ | ✓ | ✓ | |
| Change [incident severity](../operations/incident_management/manage_incidents.md#change-severity) | | ✓ | ✓ | ✓ | ✓ | |
| Change [incident escalation status](../operations/incident_management/manage_incidents.md#change-status) | | | ✓ | ✓ | ✓ | |
| Change [incident escalation policy](../operations/incident_management/manage_incidents.md#change-escalation-policy) | | | ✓ | ✓ | ✓ | |
| Manage [on-call schedules](../operations/incident_management/oncall_schedules.md) | | | | ✓ | ✓ | |
| Manage [error tracking](../operations/error_tracking.md) | | | | ✓ | ✓ | |
| Manage [escalation policies](../operations/incident_management/escalation_policies.md) | | | | ✓ | ✓ | |
| Manage [on-call schedules](../operations/incident_management/oncall_schedules.md) | | | | ✓ | ✓ | |
### Project planning
......@@ -213,15 +232,15 @@ Project permissions for [issues](project/issues/index.md):
| Manage [design management](project/issues/design_management.md) files | | ✓ | ✓ | ✓ | ✓ | |
| Manage [issue boards](project/issue_board.md) | | ✓ | ✓ | ✓ | ✓ | |
| Manage [milestones](project/milestones/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Archive or reopen [requirements](project/requirements/index.md) | | ✓ | ✓ | ✓ | ✓ | Authors and assignees can archive and re-open even if they don't have the Reporter role. |
| Create or edit [requirements](project/requirements/index.md) | | ✓ | ✓ | ✓ | ✓ | Authors and assignees can modify the title and description even if they don't have the Reporter role.|
| Import or export [requirements](project/requirements/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Archive [test cases](../ci/test_cases/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Create [test cases](../ci/test_cases/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Move [test cases](../ci/test_cases/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Reopen [test cases](../ci/test_cases/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Manage [Feature flags](../operations/feature_flags.md) | | | ✓ | ✓ | ✓ | |
| Delete issues | | | | | ✓ | |
| Manage [Feature flags](../operations/feature_flags.md) | | | ✓ | ✓ | ✓ | |
| Archive or reopen [requirements](project/requirements/index.md) | | ✓ | ✓ | ✓ | ✓ | Authors and assignees can archive and re-open even if they don't have the Reporter role. |
| Create or edit [requirements](project/requirements/index.md) | | ✓ | ✓ | ✓ | ✓ | Authors and assignees can modify the title and description even if they don't have the Reporter role.|
| Import or export [requirements](project/requirements/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Archive [test cases](../ci/test_cases/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Create [test cases](../ci/test_cases/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Move [test cases](../ci/test_cases/index.md) | | ✓ | ✓ | ✓ | ✓ | |
| Reopen [test cases](../ci/test_cases/index.md) | | ✓ | ✓ | ✓ | ✓ | |
Project permissions for [tasks](tasks.md):
......@@ -247,11 +266,12 @@ Project permissions for [OKRs](okrs.md):
Project permissions for [wikis](project/wiki/index.md):
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|----------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| View wiki | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create and edit wiki pages | | | ✓ | ✓ | ✓ | |
| Delete wiki pages | | | ✓ | ✓ | ✓ | |
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
| ----------------- | :---: | :------: | :-------: | :--------: | :---: | ----- |
| View wiki | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create wiki pages | | | ✓ | ✓ | ✓ | |
| Edit wiki pages | | | ✓ | ✓ | ✓ | |
| Delete wiki pages | | | ✓ | ✓ | ✓ | |
### Packages and registry
......@@ -281,6 +301,13 @@ Project permissions for [project features](project/organize_work_with_projects.m
|---------------------------------------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| Download project | ✓ | ✓ | ✓ | ✓ | ✓ | On self-managed GitLab instances, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| Leave comments | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Reposition comments on images (posted by any user) | ✓ | ✓ | ✓ | ✓ | ✓ | Applies only to comments on [Design Management](project/issues/design_management.md) designs. |
| View [Insights](project/insights/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [Requirements](project/requirements/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [time tracking](project/time_tracking.md) reports | ✓ | ✓ | ✓ | ✓ | ✓ | On self-managed GitLab instances, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| View [snippets](snippets.md) | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [project traffic statistics](../api/project_statistics.md) | | ✓ | ✓ | ✓ | ✓ | |
| Create [snippets](snippets.md) | | ✓ | ✓ | ✓ | ✓ | |
| View [releases](project/releases/index.md) | | | ✓ | ✓ | ✓ | Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see [repository information like commits and release evidence](project/releases/index.md#view-a-release-and-download-assets). |
| Manage [releases](project/releases/index.md) | | | | ✓ | ✓ | If the [tag is protected](project/protected_tags.md), this depends on the access given to Developers and Maintainers. |
| Configure [webhooks](project/integrations/webhooks.md) | | | | ✓ | ✓ | |
......@@ -291,23 +318,16 @@ Project permissions for [project features](project/organize_work_with_projects.m
| Edit project settings | | | | ✓ | ✓ | |
| Change [project features visibility](public_access.md) level | | | | ✓ | ✓ | A Maintainer or Owner can't change project features visibility level if [project visibility](public_access.md) is set to private. |
| Edit comments (posted by any user) | | | | ✓ | ✓ | |
| Add [deploy keys](project/deploy_keys/index.md) | | | | ✓ | ✓ | |
| Manage [Project Operations](../operations/index.md) | | | | ✓ | ✓ | |
| View [Usage Quotas](usage_quotas.md) page | | | | ✓ | ✓ | |
| Globally delete [snippets](snippets.md) | | | | ✓ | ✓ | |
| Globally edit [snippets](snippets.md) | | | | ✓ | ✓ | |
| Archive project | | | | | ✓ | |
| Change project visibility level | | | | | ✓ | |
| Delete project | | | | | ✓ | |
| Disable notification emails | | | | | ✓ | |
| Transfer project | | | | | ✓ | |
| Reposition comments on images (posted by any user) | ✓ | ✓ | ✓ | ✓ | ✓ | Applies only to comments on [Design Management](project/issues/design_management.md) designs. |
| View [Insights](project/insights/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [Requirements](project/requirements/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | |
| View [time tracking](project/time_tracking.md) reports | ✓ | ✓ | ✓ | ✓ | ✓ | On self-managed GitLab instances, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| View [project traffic statistics](../api/project_statistics.md) | | ✓ | ✓ | ✓ | ✓ | |
| Add [deploy keys](project/deploy_keys/index.md) | | | | ✓ | ✓ | |
| Manage [Project Operations](../operations/index.md) | | | | ✓ | ✓ | |
| View [Usage Quotas](usage_quotas.md) page | | | | ✓ | ✓ | |
| View [snippets](snippets.md) | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create [snippets](snippets.md) | | ✓ | ✓ | ✓ | ✓ | |
| Globally delete [snippets](snippets.md) | | | | ✓ | ✓ | |
| Globally edit [snippets](snippets.md) | | | | ✓ | ✓ | |
Project permissions for [GitLab Pages](project/pages/index.md):
......@@ -326,18 +346,20 @@ Project permissions for [repository](project/repository/index.md) features inclu
|----------------------------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| View project code | ✓ | ✓ | ✓ | ✓ | ✓ | On self-managed GitLab instances, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. In GitLab 15.9 and later, users with the Guest role and an Ultimate license can view private repository content if an administrator (on self-managed or GitLab Dedicated) or group owner (on GitLab.com) gives those users permission. The administrator or group owner can create a [custom role](custom_roles.md) through the API or UI and assign that role to the users. |
| Pull project code | ✓ | ✓ | ✓ | ✓ | ✓ | On self-managed GitLab instances, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| View a commit status | | ✓ | ✓ | ✓ | ✓ | |
| Create or update commit status | | | ✓ | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Create and delete [Git tags](project/repository/tags/index.md) | | | ✓ | ✓ | ✓ | |
| View commit status | | ✓ | ✓ | ✓ | ✓ | |
| Create commit status | | | ✓ | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Update commit status | | | ✓ | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Create [Git tags](project/repository/tags/index.md) | | | ✓ | ✓ | ✓ | |
| Delete [Git tags](project/repository/tags/index.md) | | | ✓ | ✓ | ✓ | |
| Create new [branches](project/repository/branches/index.md) | | | ✓ | ✓ | ✓ | |
| Delete non-protected branches | | | ✓ | ✓ | ✓ | |
| Force push to non-protected branches | | | ✓ | ✓ | ✓ | |
| Push to non-protected branches | | | ✓ | ✓ | ✓ | |
| Delete non-protected branches | | | ✓ | ✓ | ✓ | |
| Manage [protected branches](project/repository/branches/protected.md) | | | | ✓ | ✓ | |
| Delete protected branches | | | | ✓ | ✓ | |
| Push to protected branches | | | | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Manage [protected tags](project/protected_tags.md) | | | | ✓ | ✓ | |
| Manage [push rules](project/repository/push_rules.md) | | | | ✓ | ✓ | |
| Push to protected branches | | | | ✓ | ✓ | If the [branch is protected](project/repository/branches/protected.md), this depends on the access given to Developers and Maintainers. |
| Remove fork relationship | | | | | ✓ | |
| Force push to protected branches | | | | | | Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/repository/branches/protected.md#allow-force-push-on-a-protected-branch). |
......@@ -346,12 +368,12 @@ Project permissions for [merge requests](project/merge_requests/index.md):
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|--------------------------------------------------------------------------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| [View](project/merge_requests/index.md#view-merge-requests) a merge request | ✓ | ✓ | ✓ | ✓ | ✓ | On self-managed GitLab instances, users with the Guest role are able to perform this action only on public and internal projects (not on private projects). [External users](../administration/external_users.md) must be given explicit access (at least the **Reporter** role) even if the project is internal. Users with the Guest role on GitLab.com are only able to perform this action on public projects because internal visibility is not available. |
| [Create](project/merge_requests/creating_merge_requests.md) a merge request | | | ✓ | ✓ | ✓ | In projects that accept contributions from external members, users can create, edit, and close their own merge requests. For **private** projects, this excludes the Guest role as those users [cannot clone private projects](public_access.md#private-projects-and-groups). For **internal** projects, includes users with read-only access to the project, as [they can clone internal projects](public_access.md#internal-projects-and-groups). |
| Update a merge request including assign, review, Code Suggestions, approve, labels, lock and resolve threads | | | ✓ | ✓ | ✓ | For information on eligible approvers for merge requests, see [Eligible approvers](project/merge_requests/approvals/rules.md#eligible-approvers). |
| Create [snippets](snippets.md) | | ✓ | ✓ | ✓ | ✓ | |
| Create [merge request](project/merge_requests/creating_merge_requests.md) | | | ✓ | ✓ | ✓ | In projects that accept contributions from external members, users can create, edit, and close their own merge requests. For **private** projects, this excludes the Guest role as those users [cannot clone private projects](public_access.md#private-projects-and-groups). For **internal** projects, includes users with read-only access to the project, as [they can clone internal projects](public_access.md#internal-projects-and-groups). |
| Update merge request including assign, review, Code Suggestions, approve, labels, lock and resolve threads | | | ✓ | ✓ | ✓ | For information on eligible approvers for merge requests, see [Eligible approvers](project/merge_requests/approvals/rules.md#eligible-approvers). |
| Manage [merge request settings](project/merge_requests/approvals/settings.md) | | | | ✓ | ✓ | |
| Manage [merge request approval rules](project/merge_requests/approvals/rules.md) | | | | ✓ | ✓ | |
| Delete merge request | | | | | ✓ | |
| Create [snippets](snippets.md) | | ✓ | ✓ | ✓ | ✓ | |
### User management
......@@ -367,10 +389,10 @@ Project permissions for [user management](project/members/index.md).
Project permissions for [GitLab Duo](gitlab_duo/index.md):
| Action | Non-member | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|-------------------------------------------------------------------------------------------------------------|------------|-------|----------|-----------|------------|-------|-------|
| <br>Configure [Duo feature availability](gitlab_duo/turn_on_off.md#turn-off-for-a-project) | | | | | ✓ | ✓ | |
| <br>Use Duo features | | | ✓ | ✓ | ✓ | ✓ | Code Suggestions requires a [user being assigned a seat to gain access to a Duo add-on](../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats). |
| Action | Non-member | Guest | Reporter | Developer | Maintainer | Owner | Notes |
| -------------------------------------------------------------------------------------- | ---------- | ----- | -------- | --------- | ---------- | ----- | ----- |
| Use Duo features | | | | ✓ | ✓ | ✓ | Code Suggestions requires a [user being assigned a seat to gain access to a Duo add-on](../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats). |
| Configure [Duo feature availability](gitlab_duo/turn_on_off.md#turn-off-for-a-project) | | | | | ✓ | ✓ | |
## Group members permissions
......@@ -404,7 +426,8 @@ Group permissions for [Application Security](application_security/secure_your_ap
| View [dependency list](application_security/dependency_list/index.md) | | | ✓ | ✓ | ✓ | |
| View [vulnerability report](application_security/vulnerability_report/index.md) | | | ✓ | ✓ | ✓ | |
| View [security dashboard](application_security/security_dashboard/index.md) | | | ✓ | ✓ | ✓ | |
| Create or assign [security policy project](application_security/policies/index.md) | | | | | ✓ | |
| Create [security policy project](application_security/policies/index.md) | | | | | ✓ | |
| Assign [security policy project](application_security/policies/index.md) | | | | | ✓ | |
### CI/CD group permissions
......@@ -412,8 +435,8 @@ Group permissions for [CI/CD](../ci/index.md) features including runners, variab
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|---------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| Manage group-level Kubernetes cluster | | | | ✓ | ✓ | |
| View group runners | | | | ✓ | ✓ | |
| Manage group-level Kubernetes cluster | | | | ✓ | ✓ | |
| Manage group runners | | | | | ✓ | |
| Manage group level CI/CD variables | | | | | ✓ | |
| Manage group protected environments | | | | | ✓ | |
......@@ -426,22 +449,22 @@ Group permissions for [compliance](compliance/index.md) features including compl
|---------------------------------------------------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| View [audit events](../administration/audit_event_reports.md) | | | ✓ | ✓ | ✓ | Users can view only events based on their individual actions. |
| View licenses in the [dependency list](application_security/dependency_list/index.md) | | | ✓ | ✓ | ✓ | |
| Manage [audit streams](compliance/audit_event_streaming.md) | | | | | ✓ | |
| View the [compliance center](compliance/compliance_center/index.md) | | | | | ✓ | |
| Manage [compliance frameworks](group/compliance_frameworks.md) | | | | | ✓ | |
| Assign [compliance frameworks](group/compliance_frameworks.md) to projects | | | | | ✓ | |
| Manage [audit streams](compliance/audit_event_streaming.md) | | | | | ✓ | |
### GitLab Duo group permissions
Group permissions for [GitLab Duo](../user/gitlab_duo/index.md):
| Action | Non-member | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|-------------------------------------------------------------------------------------------------------------|------------|-------|----------|-----------|------------|-------|-------|
| <br>Purchase [Duo seats](../subscriptions/subscription-add-ons.md#purchase-additional-gitlab-duo-seats) | | | | | | ✓ | |
| <br>Configure [Duo feature availability](gitlab_duo/turn_on_off.md#turn-off-for-a-group) | | | | | ✓ | ✓ | |
| <br>Configure [self-hosted models](../administration/self_hosted_models/configure_duo_features.md) | | | | | | ✓ | |
| <br>Enable [beta and experimental features](gitlab_duo/turn_on_off.md#turn-on-beta-and-experimental-features) | | | | | | ✓ | |
| <br>Use Duo features | | | ✓ | ✓ | ✓ | ✓ | Requires [user being assigned a seat to gain access to a Duo add-on](../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats). |
| Action | Non-member | Guest | Reporter | Developer | Maintainer | Owner | Notes |
| --------------------------------------------------------------------------------------------------------- | ---------- | ----- | -------- | --------- | ---------- | ----- | ----- |
| Use Duo features | | | ✓ | | ✓ | ✓ | Requires [user being assigned a seat to gain access to a Duo add-on](../subscriptions/subscription-add-ons.md#assign-gitlab-duo-seats). |
| Configure [Duo feature availability](gitlab_duo/turn_on_off.md#turn-off-for-a-group) | | | | | ✓ | ✓ | |
| Configure [self-hosted models](../administration/self_hosted_models/configure_duo_features.md) | | | | | | ✓ | |
| Enable [beta and experimental features](gitlab_duo/turn_on_off.md#turn-on-beta-and-experimental-features) | | | | | | ✓ | |
| Purchase [Duo seats](../subscriptions/subscription-add-ons.md#purchase-additional-gitlab-duo-seats) | | | | | | ✓ | |
### Groups group permissions
......@@ -451,21 +474,21 @@ Group permissions for [group features](../user/group/index.md):
|--------------------------------------------------------------------------------------------|-------|----------|-----------|------------|-------|-------|
| Browse group | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Create project in group | | | ✓ | ✓ | ✓ | Developers, Maintainers and Owners: Only if the project creation role is set at the [instance level](../administration/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects) or the [group level](group/index.md#specify-who-can-add-projects-to-a-group).<br><br>Developers: Developers can push commits to the default branch of a new project only if the [default branch protection](group/manage.md#change-the-default-branch-protection-of-a-group) is set to "Partially protected" or "Not protected". |
| View group audit events | | | ✓ | ✓ | ✓ | Developers and Maintainers can only view events based on their individual actions. |
| Create subgroup | | | | ✓ | ✓ | Maintainers: Only if users with the Maintainer role [can create subgroups](group/subgroups/index.md#change-who-can-create-subgroups). |
| Edit [epic](group/epics/index.md) comments (posted by any user) | | | | ✓ | ✓ | |
| Fork project into a group | | | | ✓ | ✓ | |
| View [Billing](../subscriptions/gitlab_com/index.md#view-your-gitlabcom-subscription) | | | | | ✓ | Does not apply to subgroups |
| View group [Usage Quotas](usage_quotas.md) page | | | | | ✓ | Does not apply to subgroups |
| [Migrate group](group/import/index.md) | | | | | ✓ | |
| Delete group | | | | | ✓ | |
| Manage [subscriptions, storage, and compute minutes](../subscriptions/gitlab_com/index.md) | | | | | ✓ | |
| Manage [group access tokens](group/settings/group_access_tokens.md) | | | | | ✓ | |
| Change group visibility level | | | | | ✓ | |
| Edit group settings | | | | | ✓ | |
| Disable notification emails | | | | | ✓ | |
| Configure project templates | | | | | ✓ | |
| Change group visibility level | | | | | ✓ | |
| Manage [group access tokens](group/settings/group_access_tokens.md) | | | | | ✓ | |
| Configure [SAML SSO](group/saml_sso/index.md) | | | | | ✓ | Does not apply to subgroups |
| [Migrate groups](group/import/index.md) | | | | | ✓ | |
| Delete group | | | | | ✓ | |
| View group audit events | | | ✓ | ✓ | ✓ | Developers and Maintainers can only view events based on their individual actions. |
| Disable notification emails | | | | | ✓ | |
### Project planning group permissions
......@@ -482,19 +505,20 @@ Group permisisons for [epics](group/epics/index.md):
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|:------------------------------------------------------------------------------|:------|:---------|:----------|:-----------|:------|:------|
| View epic | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Add an issue to an [epic](group/epics/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | You must have permission to [view the epic](group/epics/manage_epics.md#who-can-view-an-epic) and edit the issue. |
| Add/remove [child epics](group/epics/manage_epics.md#multi-level-child-epics) | ✓ | ✓ | ✓ | ✓ | ✓ | You must have permission to [view](group/epics/manage_epics.md#who-can-view-an-epic) the parent and child epics. |
| Create epic | | ✓ | ✓ | ✓ | ✓ | |
| Edit epic | | ✓ | ✓ | ✓ | ✓ | |
| Manage [epic boards](group/epics/epic_boards.md) | | ✓ | ✓ | ✓ | ✓ | |
| Delete epic | | | | | ✓ | |
| Manage [epic boards](group/epics/epic_boards.md) | | ✓ | ✓ | ✓ | ✓ | |
| Add issue to an [epic](group/epics/index.md) | ✓ | ✓ | ✓ | ✓ | ✓ | You must have permission to [view the epic](group/epics/manage_epics.md#who-can-view-an-epic) and edit the issue. |
| Add/remove [child epics](group/epics/manage_epics.md#multi-level-child-epics) | ✓ | ✓ | ✓ | ✓ | ✓ | You must have permission to [view](group/epics/manage_epics.md#who-can-view-an-epic) the parent and child epics. |
Group permissions for [wikis](project/wiki/group.md):
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|----------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| View group wiki | ✓ | ✓ | ✓ | ✓ | ✓ | Guests: In addition, if your group is public or internal, all users who can see the group can also see group wiki pages. |
| Create and edit group wiki pages | | | ✓ | ✓ | ✓ | |
| Create group wiki pages | | | ✓ | ✓ | ✓ | |
| Edit group wiki pages | | | ✓ | ✓ | ✓ | |
| Delete group wiki pages | | | ✓ | ✓ | ✓ | |
### Packages and registries group permissions
......@@ -509,16 +533,18 @@ Group permissions for [container registry](../user/packages/index.md):
Group permissions for [package registry](../user/packages/index.md):
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|-------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| Pull packages | | ✓ | ✓ | ✓ | ✓ | |
| Publish packages | | | ✓ | ✓ | ✓ | |
| Delete packages | | | | ✓ | ✓ | |
| Manage package settings | | | | | ✓ | |
| Manage dependency proxy cleanup policies | | | | | ✓ | |
| Purge the dependency proxy for a group | | | | | ✓ | |
| Enable/disable a dependency proxy | | | | | ✓ | |
| Enable/disable package request forwarding | | | | | ✓ | |
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
| ---------------------------------------- | :---: | :------: | :-------: | :--------: | :---: | ----- |
| Pull packages | | ✓ | ✓ | ✓ | ✓ | |
| Publish packages | | | ✓ | ✓ | ✓ | |
| Delete packages | | | | ✓ | ✓ | |
| Manage package settings | | | | | ✓ | |
| Manage dependency proxy cleanup policies | | | | | ✓ | |
| Enable dependency proxy | | | | | ✓ | |
| Disable dependency proxy | | | | | ✓ | |
| Purge the dependency proxy for a group | | | | | ✓ | |
| Enable package request forwarding | | | | | ✓ | |
| Disable package request forwarding | | | | | ✓ | |
### Repository group permissions
......@@ -526,30 +552,30 @@ Group permissions for [repository](project/repository/index.md) features includi
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|----------------------------------------------------------------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| Manage [deploy tokens](project/deploy_tokens/index.md) | | | | | ✓ | |
| Manage [merge request settings](group/manage.md#group-merge-request-approval-settings) | | | | | ✓ | |
| Manage [push rules](group/access_and_permissions.md#group-push-rules) | | | | | ✓ | |
| Manage [deploy tokens](project/deploy_tokens/index.md) | | | | | ✓ | |
### User management group permissions
Group permissions for user management:
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|-----------------------------------|:-----:|:--------:|:---------:|:----------:|:-----:|-------|
| Manage group members | | | | | ✓ | |
| View 2FA status of members | | | | | ✓ | |
| Filter members by 2FA status | | | | | ✓ | |
| Share (invite) groups with groups | | | | | ✓ | |
| Manage group-level custom roles | | | | | ✓ | |
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
| ------------------------------- | :---: | :------: | :-------: | :--------: | :---: | ----- |
| View 2FA status of members | | | | | ✓ | |
| Manage group members | | | | | ✓ | |
| Manage group-level custom roles | | | | | ✓ | |
| Share (invite) groups to groups | | | | | ✓ | |
| Filter members by 2FA status | | | | | ✓ | |
### Workspace group permissions
Groups permissions for workspaces:
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
|-----------------------------------------------------------------------------------------|-------|----------|-----------|------------|-------|-------|
| Map or unmap workspace cluster agents to and from a group | | | | | | |
| View workspace cluster agents mapped to a group | | | | | | |
| Action | Guest | Reporter | Developer | Maintainer | Owner | Notes |
| --------------------------------------------------------- | :---: | :------: | :-------: | :--------: | :---: | ----- |
| View workspace cluster agents mapped to a group | | | | | | |
| Map or unmap workspace cluster agents to and from a group | | | | | | |
## Subgroup permissions
......
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册