I would like to enable a group of users to fork any repo from a GitLab group and subsequently send PR's to repos in that GitLab group but not be able to push to repos in that GitLab group.
Is this possible using one of the standard access levels; Guest/Reporter/Developer ?
You can set yourself as the only one with write access:
That way, many people can send pull requests to your branch, but only you can merge them.
Turns out that the 'Reporter' access level does exactly what I need.
What I did was;
Grant one user group Owner access to the repo group (the release managers in my context)
Grant another user group Reporter access to the repo group (the feature devs)
The release managers now have full access, the feature devs can fork and send PR's (merge requests in GL vocab).
Related
Would it be possible to restrict developers not to create a branch in gitlab? Only Owner or Maintainer should create.
Any help would be appreciated.
You should be able to using protected branches.
Go to Settings -> Repository, and navigate to Protected Branches.
You can then create a wildcard to protect all branches, and only allow Maintainers or Owners to push/merge.
After a lot of internet searching, I don't think you can stop specific users from creating new branches. Although, most of the suggestions given to accomplish some sort of control is to use protected branches.
Most suggestions along this route tell you to restrict branch creation for individuals with the "Developer" role, while allowing those with "Maintainer" role to continue creating branches on GitLab.
But, my use case desires the ability to restrict only some of the users with "Developer" access. My team is quite large, and I only want to restrict a small percentage of them from creating branches. I don't want to have to make the majority of my developers into "Maintainers" just to accomplish this restriction. Thus, I believe that restricting branch creation by individual user is not possible with GitLab at this time.
I want any user in our Group that created a new repository to automatically have maintainer rights for that repo.
I can't find any administrative settings on Gitlab.com that would imply the ability to do this automatically.
I have all users in the group set to "Developer" privileges on all repos but I'd like to have the user that created the repo to be set as "Maintainer" upon repo creation.
I haven't tried this, but here is the idea.
Setup a System Hook for project_create event:
https://docs.gitlab.com/ce/api/system_hooks.html
https://docs.gitlab.com/ce/system_hooks/system_hooks.html
In hook body owner_name is hopefully the creator.
So in your script you can then make an API call to promote user:
https://docs.gitlab.com/ee/api/members.html#add-a-member-to-a-group-or-project
We have an issue. User is in the Contributors group of the VSTS project. Able to view dashboard and work items. Unable to view Repos. Need help. Any suggestions?
User needed an MSDN license to use Visual Studio in addition to being in the correct group of the VSTS project. Trial license was not good enough.
According to your description, highly doubt those users only have Stakeholder access level.
People with Stakeholder access level could not commit their work on branch and unable to view repos.
Assign Stakeholder access to those users who need to enter bugs,
view backlogs, boards, charts, and dashboards, but who don't buy basic access. Stakeholders can also view releases and manage release
approvals. Stakeholder access is free.
Source Link: About access levels
See Stakeholder access for details of features available to stakeholders.
The user should have either Basic access or Visual Studio subscription which include code feature.
Moreover, if it's still not able to see any other projects after giving them those access. There is another concept called Permissions in Azure DevOps. Double check the permission for Contributor group.
Also make sure you have not add them to any other project team group expect the contribute group.
Once deny the Read permission for repos level, user will not be able to see the repos.
Read
Can read the contents of a file or folder. If a user has Read
permissions for a folder, the user can see the contents of the folder
and the properties of the files in it, even if the user does not have
permission to open the files.
I've a requirement, where I need to add a few users from the UI. I'm working with "developer" access to the project in GitLab. Even if already a few users are added with different access while the project is created and only users added from the UI to perform developer role without making any changes in the project.
Is it possible and how to implement it?
"Overwriting" permissions is not possible and if you want to simulate this behavior you could create a new group and share this project with another group. Then you would need to deny access to individual group members. See this permission matrix.
I have a project which our research lab is working, but only a few members can have access to the codes. We are using Git and BitBucket, but we want to use the server lab as our main repository. I have the following constraints:
We don't have admin rights;
Only a few members can have access to the files;
Every lab member already has its own login in the server.
How can I make this work?
I was thinking to ask the admin to add a group in the server, which would have read/write rights in our Git repository folder. Does it work? Is there a better way to manage these Git repositories with these constraints?
In addition to what Borealid wrote in his answer, you could also use gitolite. It allows you to have much more fine-grained access control (e.g. you can prevent users from deleting your repositories or prevent (some of) them from pushing to certain branches). It doesn't require root access.
Having a POSIX group which is granted access to the repository directory is a fine way to do things.
Just be aware that you have to trust the other group members - they could delete the directory entirely, without using the git client.