@@ -121,7 +121,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
...
@@ -121,7 +121,7 @@ Learn how to install, configure, update, and maintain your GitLab instance.
-[Creating users](../user/profile/account/create_accounts.md): Create users manually or through authentication integrations.
-[Creating users](../user/profile/account/create_accounts.md): Create users manually or through authentication integrations.
-[Libravatar](libravatar.md): Use Libravatar instead of Gravatar for user avatars.
-[Libravatar](libravatar.md): Use Libravatar instead of Gravatar for user avatars.
-[Sign-up restrictions](../user/admin_area/settings/sign_up_restrictions.md): block email addresses of specific domains, or whitelist only specific domains.
-[Sign-up restrictions](../user/admin_area/settings/sign_up_restrictions.md): block email addresses of specific domains, or whitelist only specific domains.
-[Access restrictions](../user/admin_area/settings/visibility_and_access_controls.md#enabled-git-access-protocols): Define which Git access protocols can be used to talk to GitLab (SSH, HTTP, HTTPS).
-[Access restrictions](../user/admin_area/settings/visibility_and_access_controls.md#configure-enabled-git-access-protocols): Define which Git access protocols can be used to talk to GitLab (SSH, HTTP, HTTPS).
-[Authentication and Authorization](auth/index.md): Configure external authentication with LDAP, SAML, CAS, and additional providers.
-[Authentication and Authorization](auth/index.md): Configure external authentication with LDAP, SAML, CAS, and additional providers.
@@ -51,7 +51,7 @@ To access the default page for Admin Area settings:
...
@@ -51,7 +51,7 @@ To access the default page for Admin Area settings:
| Option | Description |
| Option | Description |
| ------ | ----------- |
| ------ | ----------- |
| [Repository's custom initial branch name](../../project/repository/branches/default.md#instance-level-custom-initial-branch-name) | Set a custom branch name for new repositories created in your instance. |
| [Repository's custom initial branch name](../../project/repository/branches/default.md#instance-level-custom-initial-branch-name) | Set a custom branch name for new repositories created in your instance. |
| Repository maintenance | ([Repository checks](../../../administration/repository_checks.md) and [Housekeeping](../../../administration/housekeeping.md)). Configure automatic Git checks and housekeeping on repositories. |
| Repository maintenance | ([Repository checks](../../../administration/repository_checks.md) and [Housekeeping](../../../administration/housekeeping.md)). Configure automatic Git checks and housekeeping on repositories. |
| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (for example, archives and blobs) from an external storage (for example, a CDN). |
| [Repository static objects](../../../administration/static_objects_external_storage.md) | Serve repository static objects (for example, archives and blobs) from an external storage (for example, a CDN). |
This setting applies only to each repositories' default branch. To protect other branches, you must configure branch protection in repository. For details, see [protected branches](../../project/protected_branches.md).
- Push to branches.
- Delete branches.
To change the default branch protection:
This setting applies only to each repository's default branch. To protect other branches,
you must configure [branch protection in the repository](../../project/protected_branches.md),
or configure [branch protection for groups](../../group/index.md#change-the-default-branch-protection-of-a-group).
1. Select the desired option.
To change the default branch protection for the entire instance:
1. Click **Save changes**.
For more details, see [Protected branches](../../project/protected_branches.md).
To change this setting for a specific group, see [Default branch protection for groups](../../group/index.md#change-the-default-branch-protection-of-a-group)
1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
1. On the top bar, select **Menu >****{admin}****Admin**.
1. In the left sidebar, select **Settings > General**.
1. Expand the **Visibility and access controls** section.
1. Select a **Default branch protection**:
-**Not protected** - Both developers and maintainers can push new commits,
force push, or delete the branch.
-**Protected against pushes** - Developers cannot push new commits, but are
allowed to accept merge requests to the branch. Maintainers can push to the branch.
-**Partially protected** - Both developers and maintainers can push new commits,
but cannot force push or delete the branch.
-**Fully protected** - Developers cannot push new commits, but maintainers can.
No one can force push or delete the branch.
1. To allow group owners to override the instance's default branch protection, select
[**Allow owners to manage default branch protection per group**](#prevent-overrides-of-default-branch-protection).
1. Select **Save changes**.
### Disable group owners from updating default branch protection **(PREMIUM SELF)**
### Prevent overrides of default branch protection **(PREMIUM SELF)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/211944) in GitLab 13.0.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/211944) in GitLab 13.0.
By default, group owners are allowed to override the branch protection set at the global level.
Instance-level protections for [default branch](../../project/repository/branches/default.md)
can be overridden on a per-group basis by the group's owner. In
In [GitLab Premium or higher](https://about.gitlab.com/pricing/), GitLab administrators can disable this privilege of group owners.
[GitLab Premium or higher](https://about.gitlab.com/pricing/), GitLab administrators can
disable this privilege for group owners, enforcing the instance-level protection rule:
To do this:
1. Uncheck the **Allow owners to manage default branch protection per group** checkbox.
1. Sign in to GitLab as a user with [Administrator role](../../permissions.md).
1. On the top bar, select **Menu >****{admin}****Admin**.
1. In the left sidebar, select **Settings > General**.
1. Expand the **Visibility and access controls** section.
1. Deselect the **Allow owners to manage default branch protection per group** checkbox.
1. Select **Save changes**.
NOTE:
NOTE:
GitLab administrators can still update the default branch protection of a group.
GitLab administrators can still update the default branch protection of a group.
## Default project creation protection
## Define which roles can create projects
Project creation protection specifies which roles can create projects.
To change the default project creation protection:
1. Select the desired option.
1. Click **Save changes**.
For more details, see [Specify who can add projects to a group](../../group/index.md#specify-who-can-add-projects-to-a-group).
Instance-level protections for project creation define which roles can
[add projects to a group](../../group/index.md#specify-who-can-add-projects-to-a-group)]
on the instance. To alter which roles have permission to create projects:
@@ -37,7 +37,7 @@ Like projects, a group can be configured to limit the visibility of it to:
...
@@ -37,7 +37,7 @@ Like projects, a group can be configured to limit the visibility of it to:
- All signed-in users.
- All signed-in users.
- Only explicit group members.
- Only explicit group members.
The restriction for [visibility levels](../admin_area/settings/visibility_and_access_controls.md#restricted-visibility-levels)
The restriction for [visibility levels](../admin_area/settings/visibility_and_access_controls.md#restrict-visibility-levels)
on the application setting level also applies to groups. If set to internal, the explore page is
on the application setting level also applies to groups. If set to internal, the explore page is
empty for anonymous users. The group page has a visibility level icon.
empty for anonymous users. The group page has a visibility level icon.
...
@@ -220,10 +220,10 @@ To change this setting for a specific group:
...
@@ -220,10 +220,10 @@ To change this setting for a specific group:
1. Select the desired option in the **Default branch protection** dropdown list.
1. Select the desired option in the **Default branch protection** dropdown list.
1. Click **Save changes**.
1. Click **Save changes**.
To change this setting globally, see [Default branch protection](../admin_area/settings/visibility_and_access_controls.md#default-branch-protection).
To change this setting globally, see [Default branch protection](../admin_area/settings/visibility_and_access_controls.md#protect-default-branches).
NOTE:
NOTE:
In [GitLab Premium or higher](https://about.gitlab.com/pricing/), GitLab administrators can choose to [disable group owners from updating the default branch protection](../admin_area/settings/visibility_and_access_controls.md#disable-group-owners-from-updating-default-branch-protection).
In [GitLab Premium or higher](https://about.gitlab.com/pricing/), GitLab administrators can choose to [disable group owners from updating the default branch protection](../admin_area/settings/visibility_and_access_controls.md#prevent-overrides-of-default-branch-protection).
## Add projects to a group
## Add projects to a group
...
@@ -248,7 +248,7 @@ To change this setting for a specific group:
...
@@ -248,7 +248,7 @@ To change this setting for a specific group:
1. Select the desired option in the **Allowed to create projects** dropdown list.
1. Select the desired option in the **Allowed to create projects** dropdown list.
1. Click **Save changes**.
1. Click **Save changes**.
To change this setting globally, see [Default project creation protection](../admin_area/settings/visibility_and_access_controls.md#default-project-creation-protection).
To change this setting globally, see [Default project creation protection](../admin_area/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects).
@@ -330,7 +330,7 @@ The following table lists group permissions available for each role:
...
@@ -330,7 +330,7 @@ The following table lists group permissions available for each role:
Maintainers to create subgroups](group/subgroups/index.md#creating-a-subgroup)
Maintainers to create subgroups](group/subgroups/index.md#creating-a-subgroup)
1. Introduced in GitLab 12.2.
1. Introduced in GitLab 12.2.
1. Default project creation role can be changed at:
1. Default project creation role can be changed at:
- The [instance level](admin_area/settings/visibility_and_access_controls.md#default-project-creation-protection).
- The [instance level](admin_area/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects).
- The [group level](group/index.md#specify-who-can-add-projects-to-a-group).
- The [group level](group/index.md#specify-who-can-add-projects-to-a-group).
1. Does not apply to subgroups.
1. Does not apply to subgroups.
1. Developers can push commits to the default branch of a new project only if the [default branch protection](group/index.md#change-the-default-branch-protection-of-a-group) is set to "Partially protected" or "Not protected".
1. Developers can push commits to the default branch of a new project only if the [default branch protection](group/index.md#change-the-default-branch-protection-of-a-group) is set to "Partially protected" or "Not protected".
@@ -36,4 +36,4 @@ of the project being imported into, then the user will be linked.
...
@@ -36,4 +36,4 @@ of the project being imported into, then the user will be linked.
## Enable this feature
## Enable this feature
Enable Phabricator as an [import source](../../admin_area/settings/visibility_and_access_controls.md#import-sources) in the Admin Area.
Enable Phabricator as an [import source](../../admin_area/settings/visibility_and_access_controls.md#configure-allowed-import-sources) in the Admin Area.