diff options
Diffstat (limited to 'doc/development/permissions.md')
-rw-r--r-- | doc/development/permissions.md | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/doc/development/permissions.md b/doc/development/permissions.md index 06a4a03de38..e930345caec 100644 --- a/doc/development/permissions.md +++ b/doc/development/permissions.md @@ -13,9 +13,16 @@ Groups and projects can have the following visibility levels: - internal (`10`) - an entity is visible to logged in users - private (`0`) - an entity is visible only to the approved members of the entity +By default, subgroups can **not** have higher visibility levels. +For example, if you create a new private group, it can not include a public subgroup. + The visibility level of a group can be changed only if all subgroups and -sub-projects have the same or lower visibility level. (e.g., a group can be set -to internal only if all subgroups and projects are internal or private). +sub-projects have the same or lower visibility level. For example, a group can be set +to internal only if all subgroups and projects are internal or private. + +CAUTION: **Warning:** +If you migrate an existing group to a lower visibility level, that action does not migrate subgroups +in the same way. This is a [known issue](https://gitlab.com/gitlab-org/gitlab/-/issues/22406). Visibility levels can be found in the `Gitlab::VisibilityLevel` module. @@ -48,10 +55,10 @@ levels are available (defined in the `Gitlab::Access` module): - Maintainer (`40`) - Owner (`50`) -If a user is the member of both a project and the project parent group, the +If a user is the member of both a project and the project parent group(s), the higher permission is taken into account for the project. -If a user is the member of a project, but not the parent group (or groups), they +If a user is the member of a project, but not the parent group(s), they can still view the groups and their entities (like epics). Project membership (where the group membership is already taken into account) |