Commit b68e6462 authored by Marcia Ramos's avatar Marcia Ramos Committed by Achilleas Pipinellis

Docs: New index for permissions

parent a2918d56
...@@ -5,17 +5,17 @@ particular group or project. If a user is both in a group's project and the ...@@ -5,17 +5,17 @@ particular group or project. If a user is both in a group's project and the
project itself, the highest permission level is used. project itself, the highest permission level is used.
On public and internal projects the Guest role is not enforced. All users will On public and internal projects the Guest role is not enforced. All users will
be able to create issues, leave comments, and pull or download the project code. be able to create issues, leave comments, and clone or download the project code.
When a member leaves the team the all assigned Issues and Merge Requests When a member leaves the team all the assigned [Issues](project/issues/index.md) and [Merge Requests](project/merge_requests/index.md)
will be unassigned automatically. will be unassigned automatically.
GitLab administrators receive all permissions. GitLab [administrators](../README.md#administrator-documentation) receive all permissions.
To add or import a user, you can follow the To add or import a user, you can follow the
[project members documentation](../user/project/members/index.md). [project members documentation](../user/project/members/index.md).
## Project ## Project members permissions
The following table depicts the various user permission levels in a project. The following table depicts the various user permission levels in a project.
...@@ -75,7 +75,58 @@ The following table depicts the various user permission levels in a project. ...@@ -75,7 +75,58 @@ The following table depicts the various user permission levels in a project.
| Remove protected branches [^3] | | | | | | | Remove protected branches [^3] | | | | | |
| Remove pages | | | | | ✓ | | Remove pages | | | | | ✓ |
## Group ## Project features permissions
### Wiki and issues
Project features like wiki and issues can be hidden from users depending on
which visibility level you select on project settings.
- Disabled: disabled for everyone
- Only team members: only team members will see even if your project is public or internal
- Everyone with access: everyone can see depending on your project visibility level
### Protected branches
To prevent people from messing with history or pushing code without
review, we've created protected branches. Read through the documentation on
[protected branches](project/protected_branches.md)
to learn more.
Additionally, you can allow or forbid users with Master and/or
Developer permissions to push to a protected branch. Read through the documentation on
[Allowed to Merge and Allowed to Push settings](project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings)
to learn more.
### Cycle Analytics permissions
Find the current permissions on the Cycle Analytics dashboard on
the [documentation on Cycle Analytics permissions](project/cycle_analytics.md#permissions).
### Issue Board permissions
Developers and users with higher permission level can use all
the functionality of the Issue Board, that is create/delete lists
and drag issues around. Read though the
[documentation on Issue Boards permissions](project/issue_board.md#permissions)
to learn more.
### File Locking permissions (EEP)
The user that locks a file or directory is the only one that can edit and push their changes back to the repository where the locked objects are located.
Read through the documentation on [permissions for File Locking](https://docs.gitlab.com/ee/user/project/file_lock.html#permissions-on-file-locking) to learn more.
File Locking is available in
[GitLab Enterprise Edition Premium](https://about.gitlab.com/gitlab-ee/) only.
### Confidential Issues permissions
Confidential issues can be accessed by reporters and higher permission levels,
as well as by guest users that create a confidential issue. To learn more,
read through the documentation on [permissions and access to confidential issues](project/issues/confidential_issues.md#permissions-and-access-to-confidential-issues).
## Group members permissions
Any user can remove themselves from a group, unless they are the last Owner of Any user can remove themselves from a group, unless they are the last Owner of
the group. The following table depicts the various user permission levels in a the group. The following table depicts the various user permission levels in a
...@@ -91,7 +142,16 @@ group. ...@@ -91,7 +142,16 @@ group.
| Remove group | | | | | ✓ | | Remove group | | | | | ✓ |
| Manage group labels | | ✓ | ✓ | ✓ | ✓ | | Manage group labels | | ✓ | ✓ | ✓ | ✓ |
## External Users ### Subgroup permissions
When you add a member to a subgroup, they inherit the membership and
permission level from the parent group. This model allows access to
nested groups if you have membership in one of its parents.
To learn more, read through the documentation on
[subgroups memberships](group/subgroups/index.md#membership).
## External users permissions
In cases where it is desired that a user has access only to some internal or In cases where it is desired that a user has access only to some internal or
private projects, there is the option of creating **External Users**. This private projects, there is the option of creating **External Users**. This
...@@ -115,18 +175,9 @@ will find the option to flag the user as external. ...@@ -115,18 +175,9 @@ will find the option to flag the user as external.
By default new users are not set as external users. This behavior can be changed By default new users are not set as external users. This behavior can be changed
by an administrator under **Admin > Application Settings**. by an administrator under **Admin > Application Settings**.
## Project features ## GitLab CI/CD permissions
Project features like wiki and issues can be hidden from users depending on
which visibility level you select on project settings.
- Disabled: disabled for everyone
- Only team members: only team members will see even if your project is public or internal
- Everyone with access: everyone can see depending on your project visibility level
## GitLab CI
GitLab CI permissions rely on the role the user has in GitLab. There are four GitLab CI/CD permissions rely on the role the user has in GitLab. There are four
permission levels in total: permission levels in total:
- admin - admin
...@@ -134,7 +185,7 @@ permission levels in total: ...@@ -134,7 +185,7 @@ permission levels in total:
- developer - developer
- guest/reporter - guest/reporter
The admin user can perform any action on GitLab CI in scope of the GitLab The admin user can perform any action on GitLab CI/CD in scope of the GitLab
instance and project. In addition, all admins can use the admin interface under instance and project. In addition, all admins can use the admin interface under
`/admin/runners`. `/admin/runners`.
...@@ -150,7 +201,7 @@ instance and project. In addition, all admins can use the admin interface under ...@@ -150,7 +201,7 @@ instance and project. In addition, all admins can use the admin interface under
| See events in the system | | | | ✓ | | See events in the system | | | | ✓ |
| Admin interface | | | | ✓ | | Admin interface | | | | ✓ |
### Jobs permissions ### Job permissions
>**Note:** >**Note:**
GitLab 8.12 has a completely redesigned job permissions system. GitLab 8.12 has a completely redesigned job permissions system.
...@@ -174,6 +225,26 @@ users: ...@@ -174,6 +225,26 @@ users:
| Push container images to current project | | ✓ | ✓ | ✓ | | Push container images to current project | | ✓ | ✓ | ✓ |
| Push container images to other projects | | | | | | Push container images to other projects | | | | |
### New CI job permissions model
GitLab 8.12 has a completely redesigned job permissions system. To learn more,
read through the documentation on the [new CI/CD permissions model](project/new_ci_build_permissions_model.md#new-ci-job-permissions-model).
## LDAP users permissions
Since GitLab 8.15, LDAP user permissions can now be manually overridden by an admin user.
Read through the documentation on [LDAP users permissions](https://docs.gitlab.com/ee/articles/how_to_configure_ldap_gitlab_ee/index.html#updating-user-permissions-new-feature) to learn more.
## Auditor users permissions (EEP)
An Auditor user should be able to access all projects and groups of a GitLab instance
with the permissions described on the documentation on [auditor users permissions](https://docs.gitlab.com/ee/administration/auditor_users.html#permissions-and-restrictions-of-an-auditor-user).
Auditor users are available in [GitLab Enterprise Edition Premium](https://about.gitlab.com/gitlab-ee/)
only.
----
[^1]: Guest users can only view the confidential issues they created themselves [^1]: Guest users can only view the confidential issues they created themselves
[^2]: If **Public pipelines** is enabled in **Project Settings > Pipelines** [^2]: If **Public pipelines** is enabled in **Project Settings > Pipelines**
[^3]: Not allowed for Guest, Reporter, Developer, Master, or Owner [^3]: Not allowed for Guest, Reporter, Developer, Master, or Owner
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment