A user can see his GitLab group permissions (if he is a direct group member) on the group overview page - but for the projects overview page the own role / permission level is not listed.
If a user is a member of a GitLab project but not of the corresponding group of the project - how can this user see his project permissions? Is there any way for a user to see his own permissions in a GitLab project? Can such a user see the other participating project members?
GitLab version is 8.5.7 CE.
This feature was added in the meantime (having GitLab version 10.x while writing this answer). The members page of a project now lists the permissions for all members (direct project members and inherited group members).
Related
I am trying to create new collection level custom group which members would see all projects under my organisation but could not set access rights in organisation or projects unless added to project admins. However, I do not find any place where I could restrict access to user access for this group members. Also I cannot find anything that would give automatically access to all projects. However, the project collection administrators group has this permission but it is not visible anywhere.
There is no such permission to control users would see all projects (exclude Public projects) under organisation. You have to add the users to the projects, at least add to Readers group, then they can see the team projects.
You could add a group rule, add the users in this group, and then assign all team projects to them.
More details of Permissions, please refer to the following link:
https://learn.microsoft.com/en-us/azure/devops/organizations/security/permissions?view=azure-devops&tabs=preview-page
Description
I am adding project's team members as Project Collection Administrators within the Organisation. To make this easier, I wanted to add the Project Team group as such [Team Name]\Team. To enable more people to be added as admins as the project grows. This appears to be allowed^ but I get an error "We are unable to add members to this group at this time. Please try again at a later time or contact support for help"
^ Link to DevOps Documentation:
https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/manage-azure-active-directory-groups?view=azure-devops
Other Tries
I have tried doing it later and also added groups that belong to the organisation such as [org name]\[Team lead Developers] or [org name]\Project Collection Test Service Accounts. These are all allowed but not the group formed by Project Teams.
Steps to the issues
Add a project team group to one of the default organisation permissions groups such as the Project Collection Administrators.
Error is:
We are unable to add members to this group at this time. Please try
again at a later time or contact support for help
I expect the group to be added like any other group.
Any ideas to this issue?
Cheers.
This is as designed.
The Add operations between groups need to be at the same level or a high level group added to the lower level group. For example an organization group can be added to a project group,the reverse is not possible .
So, if the group is a project group, then this project group could not be added to an organization group.
For Project level administration (not Organization level), you can make a specific Team have Project Administration level permissions from this menu:
Project Settings > Security > (select team) > Permissions
and then set the following to Allow:
Edit project-level information
Essentially, your goal will be to copy any desired permits from the Project Administrators to the [team] permits.
Really, you can set all these permissions to "Allow" if you really want that [team] to have "full" access to administer.
This will give that team a lot of flexibility to administer within the Project space. It will not; however, let them administer licensing and other Org level items. From my experience, you cannot add [Team] to [Org] level groups; though, you can add [Org] groups to [Project] and [Team] level groups.
If you really want large groups to administer, and you have AD integration; then you can add an AD email distro or security group to the Project Collection Administrators group. That's not something I would ever do since that would be considered dangerous in my Company, but you may not have the same requirements for security, access, and cost controls.
We have an issue. User is in the Contributors group of the VSTS project. Able to view dashboard and work items. Unable to view Repos. Need help. Any suggestions?
User needed an MSDN license to use Visual Studio in addition to being in the correct group of the VSTS project. Trial license was not good enough.
According to your description, highly doubt those users only have Stakeholder access level.
People with Stakeholder access level could not commit their work on branch and unable to view repos.
Assign Stakeholder access to those users who need to enter bugs,
view backlogs, boards, charts, and dashboards, but who don't buy basic access. Stakeholders can also view releases and manage release
approvals. Stakeholder access is free.
Source Link: About access levels
See Stakeholder access for details of features available to stakeholders.
The user should have either Basic access or Visual Studio subscription which include code feature.
Moreover, if it's still not able to see any other projects after giving them those access. There is another concept called Permissions in Azure DevOps. Double check the permission for Contributor group.
Also make sure you have not add them to any other project team group expect the contribute group.
Once deny the Read permission for repos level, user will not be able to see the repos.
Read
Can read the contents of a file or folder. If a user has Read
permissions for a folder, the user can see the contents of the folder
and the properties of the files in it, even if the user does not have
permission to open the files.
I want to transfer a project from a group to another user. For e.g from https://gitlab.local/groupname/projectname to https://gitlab.local/userA/projectname
How can I achieve this? I have gitadmin permissions.
Go to
Settings ▶ General ▶ Advanced ▶ Transfer project
▶ Select a new namespace
Contrary the other answer, on this way you can move only a project to another namespace where you are an owner. Being a gitlab admin is not enough for that; you need to have
"owner" permission to the the project.
"owner" permission to the target namespace.
This is why you can see only your own personal namespace in the list of the possible targets in the Settings ⇒ General ⇒ Advanced ⇒ Transfer Project option.
What I did to solve the problem:
I gave "owner" permission for "userA" on the project.
Then, I impersonated "userA" ("Impresonate" button in the top right corner on the user admin page, which is https://your.gitlab.host/admin/users/userA ).
Then, I went to the project profile page
And then, Settings ⇒ General ⇒ Advanced ⇒ Transfer, as "userA", has already displayed the personal namespace of "userA" as one of the possible targets.
This is for the latest stable Gitlab (12.9.1).
Making yourself an owner of the personal namespace of "userA" might also work, however I did not find any way to manipulate permissions on personal namespaces.
I'm trying to get to the admin area so I can set the time-to-live for the gitlab container registry token. However, I don't see where that's available to me. I am the sole owner and creator of the project after I signed up for a Gitlab account and clicked to create a new project. My problem is similar to this person:
https://forum.gitlab.com/t/where-is-the-admin-area/5936
except I'm not using Gitlab CE.
So how can I become an admin for my own project so I can change some admin settings?
You can't have access to the admin area of gitlab.com. It is a private instance of Gitlab Enterprise Edition, belonging to Gitlab. They do allow anyone to have unlimited access (any number of public or private repositories as well as groups etc) but you can't be an admin.
Being an admin would mean you could see anyone's projects or delete them etc. That's not reasonable...