Commit 069fb482 authored by Achilleas Pipinellis's avatar Achilleas Pipinellis

Make it clear that approvers need developer+ permissions

It wasn't clear that approvers need developer or higher
permissions.
parent a26d0984
......@@ -23,9 +23,6 @@ GitLab [administrators](../administration/index.md) receive all permissions.
To add or import a user, you can follow the
[project members documentation](project/members/index.md).
For information on eligible approvers for Merge Requests, see
[Eligible approvers](project/merge_requests/merge_request_approvals.md#eligible-approvers).
## Principles behind permissions
See our [product handbook on permissions](https://about.gitlab.com/handbook/product/#permissions-in-gitlab)
......@@ -99,6 +96,7 @@ The following table depicts the various user permission levels in a project.
| Assign merge requests | | | ✓ | ✓ | ✓ |
| Label merge requests | | | ✓ | ✓ | ✓ |
| Lock merge request threads | | | ✓ | ✓ | ✓ |
| Approve merge requests (*9*) | | | ✓ | ✓ | ✓ |
| Manage/Accept merge requests | | | ✓ | ✓ | ✓ |
| Create new environments | | | ✓ | ✓ | ✓ |
| Stop environments | | | ✓ | ✓ | ✓ |
......@@ -177,6 +175,8 @@ The following table depicts the various user permission levels in a project.
1. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see repository information like tags and commits.
1. Actions are limited only to records owned (referenced) by user.
1. When [Share Group Lock](./group/index.md#share-with-group-lock) is enabled the project can't be shared with other groups. It does not affect group with group sharing.
1. For information on eligible approvers for merge requests, see
[Eligible approvers](project/merge_requests/merge_request_approvals.md#eligible-approvers).
## Project features permissions
......
......@@ -73,19 +73,27 @@ be used for merge request approvals:
- As [merge request eligible approvers](merge_requests/merge_request_approvals.md#code-owners-as-eligible-approvers).
- As required approvers for [protected branches](protected_branches.md#protected-branches-approval-by-code-owners-premium). **(PREMIUM)**
NOTE: **Note**:
Developer or higher [permissions](../permissions.md) are required in order to
approve a merge request.
Once set, Code Owners are displayed in merge requests widgets:
![MR widget - Code Owners](img/code_owners_mr_widget_v12_4.png)
NOTE: **Note**:
While the`CODEOWNERS` file can be used in addition to Merge Request [Approval Rules](merge_requests/merge_request_approvals.md#approval-rules) it can also be used as the sole driver of a Merge Request approval (without using [Approval Rules](merge_requests/merge_request_approvals.md#approval-rules)) by simply creating the file in one of the three locations specified above, configuring the Code Owners to be required approvers for [protected branches](protected_branches.md#protected-branches-approval-by-code-owners-premium) and then using [the syntax of Code Owners files](code_owners.md#the-syntax-of-code-owners-files) to specify the actual owners and granular permissions.
While the `CODEOWNERS` file can be used in addition to Merge Request [Approval Rules](merge_requests/merge_request_approvals.md#approval-rules)
it can also be used as the sole driver of merge request approvals
(without using [Approval Rules](merge_requests/merge_request_approvals.md#approval-rules)).
To do so, create the file in one of the three locations specified above and
set the code owners as required approvers for [protected branches](protected_branches.md#protected-branches-approval-by-code-owners-premium).
Use [the syntax of Code Owners files](code_owners.md#the-syntax-of-code-owners-files)
to specify the actual owners and granular permissions.
NOTE: **Note**:
Using Code Owners in conjunction with [Protected Branches Approvals](protected_branches.md#protected-branches-approval-by-code-owners-premium)
will prevent any user who is not specified in the `CODEOWNERS` file from pushing changes
Using Code Owners in conjunction with [Protected Branches Approvals](protected_branches.md#protected-branches-approval-by-code-owners-premium)
will prevent any user who is not specified in the `CODEOWNERS` file from pushing changes
for the specified files/paths, even if their role is included in the **Allowed to push** column.
This allows for a more inclusive push strategy, as administrators don't have to restrict developers
from pushing directly to the protected branch, but can restrict pushing to certain
from pushing directly to the protected branch, but can restrict pushing to certain
files where a review by Code Owners is required.
## The syntax of Code Owners files
......
......@@ -34,10 +34,12 @@ minimum number of required approvers can still be set in the [project settings f
### Eligible approvers
The following can approve merge requests:
The following users can approve merge requests:
- Users being added as approvers at project or merge request level.
- [Code owners](#code-owners-as-eligible-approvers) to the files changed by the merge request.
- Users who have been added as approvers at the project or merge request levels with
developer or higher [permissions](../../permissions.md).
- [Code owners](#code-owners-as-eligible-approvers) of the files changed by the merge request
that have developer or higher [permissions](../../permissions.md).
An individual user can be added as an approver for a project if they are a member of:
......@@ -68,7 +70,7 @@ were not explicitly listed in the approval rules.
If you add [Code Owners](../code_owners.md) to your repository, the owners to the
corresponding files will become eligible approvers, together with members with Developer
or higher permissions.
or higher [permissions](../../permissions.md).
To enable this merge request approval rule:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment