The permitted visibility levels for an auditor user should also include private,
because it has read-only access to every project/group on the GitLab instance.