diff options
Diffstat (limited to 'doc/user/admin_area/settings')
-rw-r--r-- | doc/user/admin_area/settings/account_and_limit_settings.md | 12 | ||||
-rw-r--r-- | doc/user/admin_area/settings/continuous_integration.md | 6 | ||||
-rw-r--r-- | doc/user/admin_area/settings/deprecated_api_rate_limits.md | 2 | ||||
-rw-r--r-- | doc/user/admin_area/settings/email.md | 2 | ||||
-rw-r--r-- | doc/user/admin_area/settings/external_authorization.md | 4 | ||||
-rw-r--r-- | doc/user/admin_area/settings/files_api_rate_limits.md | 4 | ||||
-rw-r--r-- | doc/user/admin_area/settings/git_lfs_rate_limits.md | 2 | ||||
-rw-r--r-- | doc/user/admin_area/settings/img/classification_label_on_project_page.png | bin | 19568 -> 0 bytes | |||
-rw-r--r-- | doc/user/admin_area/settings/img/classification_label_on_project_page_v14_8.png | bin | 0 -> 17728 bytes | |||
-rw-r--r-- | doc/user/admin_area/settings/index.md | 3 | ||||
-rw-r--r-- | doc/user/admin_area/settings/rate_limit_on_users_api.md | 33 | ||||
-rw-r--r-- | doc/user/admin_area/settings/sign_in_restrictions.md | 2 | ||||
-rw-r--r-- | doc/user/admin_area/settings/user_and_ip_rate_limits.md | 5 | ||||
-rw-r--r-- | doc/user/admin_area/settings/visibility_and_access_controls.md | 30 |
14 files changed, 79 insertions, 26 deletions
diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md index f748f575419..1d982196228 100644 --- a/doc/user/admin_area/settings/account_and_limit_settings.md +++ b/doc/user/admin_area/settings/account_and_limit_settings.md @@ -234,10 +234,14 @@ Once a lifetime for SSH keys is set, GitLab: NOTE: When a user's SSH key becomes invalid they can delete and re-add the same key again. -## Allow expired SSH keys to be used **(ULTIMATE SELF)** +## Allow expired SSH keys to be used (DEPRECATED) **(ULTIMATE SELF)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9. > - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/320970) in GitLab 14.0. +> - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in GitLab 14.8. + +WARNING: +This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351963) in GitLab 14.8. By default, expired SSH keys **are not usable**. @@ -283,10 +287,14 @@ Once a lifetime for personal access tokens is set, GitLab: allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime, or remove it, before revocation takes place. -## Allow expired Personal Access Tokens to be used **(ULTIMATE SELF)** +## Allow expired Personal Access Tokens to be used (DEPRECATED) **(ULTIMATE SELF)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab 13.1. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9. +> - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351962) in GitLab 14.8. + +WARNING: +This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/351962) in GitLab 14.8. By default, expired personal access tokens (PATs) **are not usable**. diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md index e18808ffb41..18379471bcf 100644 --- a/doc/user/admin_area/settings/continuous_integration.md +++ b/doc/user/admin_area/settings/continuous_integration.md @@ -197,6 +197,12 @@ To enable or disable the banner: ## Required pipeline configuration **(PREMIUM SELF)** +WARNING: +Required pipeline configurations is in its end-of-life process for Premium users. It's +[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/352316) for use in GitLab 14.8, +and planned to be unavailable for Premium users in GitLab 15.0. This feature is planned to continue +to be available for Ultimate users. Ultimate users are not impacted by this deprecation and removal. + NOTE: An alternative [compliance solution](../../project/settings/index.md#compliance-pipeline-configuration) is available. We recommend this alternative solution because it provides greater flexibility, diff --git a/doc/user/admin_area/settings/deprecated_api_rate_limits.md b/doc/user/admin_area/settings/deprecated_api_rate_limits.md index 9be703f3b82..d651e445a95 100644 --- a/doc/user/admin_area/settings/deprecated_api_rate_limits.md +++ b/doc/user/admin_area/settings/deprecated_api_rate_limits.md @@ -30,7 +30,7 @@ for deprecated API endpoints. No other new features are provided by this overrid Prerequisites: -- You must have the Administrator role for your instance. +- You must have administrator access for your instance. To override the general user and IP rate limits for requests to deprecated API endpoints: diff --git a/doc/user/admin_area/settings/email.md b/doc/user/admin_area/settings/email.md index 6bc9e97629c..e4fc3b6e6d4 100644 --- a/doc/user/admin_area/settings/email.md +++ b/doc/user/admin_area/settings/email.md @@ -56,7 +56,7 @@ To change the hostname used in private commit emails: NOTE: After the hostname is configured, every private commit email using the previous hostname is not -recognized by GitLab. This can directly conflict with certain [Push rules](../../../push_rules/push_rules.md) such as +recognized by GitLab. This can directly conflict with certain [Push rules](../../project/repository/push_rules.md) such as `Check whether author is a GitLab user` and `Check whether committer is the current authenticated user`. ## Custom additional text **(PREMIUM SELF)** diff --git a/doc/user/admin_area/settings/external_authorization.md b/doc/user/admin_area/settings/external_authorization.md index 4fd7c59ef24..ef980981fec 100644 --- a/doc/user/admin_area/settings/external_authorization.md +++ b/doc/user/admin_area/settings/external_authorization.md @@ -1,6 +1,6 @@ --- stage: Manage -group: Authentication & Authorization +group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- @@ -105,7 +105,7 @@ label defined in the [global settings](#configuration) is used. The label is shown on all project pages in the upper right corner. -![classification label on project page](img/classification_label_on_project_page.png) +![classification label on project page](img/classification_label_on_project_page_v14_8.png) <!-- ## Troubleshooting diff --git a/doc/user/admin_area/settings/files_api_rate_limits.md b/doc/user/admin_area/settings/files_api_rate_limits.md index 675561ce9cf..7305e49b0d2 100644 --- a/doc/user/admin_area/settings/files_api_rate_limits.md +++ b/doc/user/admin_area/settings/files_api_rate_limits.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference --- -# Files API rate limits **(FREE SELF)** +# Rate limits on Repository files API **(FREE SELF)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68561) in GitLab 14.3. > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/75918) in GitLab 14.6. [Feature flag files_api_throttling](https://gitlab.com/gitlab-org/gitlab/-/issues/338903) removed. @@ -26,7 +26,7 @@ for the Files API. No other new features are provided by this override. Prerequisite: -- You must have the Administrator role for your instance. +- You must have administrator access for your instance. To override the general user and IP rate limits for requests to the Repository files API: diff --git a/doc/user/admin_area/settings/git_lfs_rate_limits.md b/doc/user/admin_area/settings/git_lfs_rate_limits.md index adc6cc2b11b..c10300baeef 100644 --- a/doc/user/admin_area/settings/git_lfs_rate_limits.md +++ b/doc/user/admin_area/settings/git_lfs_rate_limits.md @@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w type: reference --- -# Git LFS Rate Limits **(FREE SELF)** +# Rate limits on Git LFS **(FREE SELF)** [Git LFS (Large File Storage)](../../../topics/git/lfs/index.md) is a Git extension for handling large files. If you use Git LFS in your repository, common Git operations diff --git a/doc/user/admin_area/settings/img/classification_label_on_project_page.png b/doc/user/admin_area/settings/img/classification_label_on_project_page.png Binary files differdeleted file mode 100644 index 4aedb332cec..00000000000 --- a/doc/user/admin_area/settings/img/classification_label_on_project_page.png +++ /dev/null diff --git a/doc/user/admin_area/settings/img/classification_label_on_project_page_v14_8.png b/doc/user/admin_area/settings/img/classification_label_on_project_page_v14_8.png Binary files differnew file mode 100644 index 00000000000..4bd2e7d389b --- /dev/null +++ b/doc/user/admin_area/settings/img/classification_label_on_project_page_v14_8.png diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md index 2820f3ae9df..a581fd4aebc 100644 --- a/doc/user/admin_area/settings/index.md +++ b/doc/user/admin_area/settings/index.md @@ -137,6 +137,7 @@ The **Network** settings contain: - [Incident Management Limits](../../../operations/incident_management/index.md) - Limit the number of inbound alerts that can be sent to a project. - [Notes creation limit](rate_limit_on_notes_creation.md) - Set a rate limit on the note creation requests. +- [Get single user limit](rate_limit_on_users_api.md) - Set a rate limit on users API endpoint to get a user by ID. ### Preferences @@ -160,7 +161,7 @@ The **Preferences** settings contain: The **Reporting** settings contain: - [Spam and Anti-bot Protection](../../../integration/recaptcha.md) - - Enable anti-spam services, like reCAPTCHA or Akismet, and set IP limits. + Enable anti-spam services, like reCAPTCHA, Akismet or [Spamcheck](../reporting/spamcheck.md), and set IP limits. - [Abuse reports](../review_abuse_reports.md) - Set notification email for abuse reports. ### Repository diff --git a/doc/user/admin_area/settings/rate_limit_on_users_api.md b/doc/user/admin_area/settings/rate_limit_on_users_api.md new file mode 100644 index 00000000000..7954055f38b --- /dev/null +++ b/doc/user/admin_area/settings/rate_limit_on_users_api.md @@ -0,0 +1,33 @@ +--- +type: reference +stage: Manage +group: Authentication & Authorization +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# Rate limits on Users API **(FREE SELF)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78364) in GitLab 14.8. + +You can configure the per user rate limit for requests to [Users API](../../../api/users.md). + +To change the rate limit: + +1. On the top bar, select **Menu > Admin**. +1. On the left sidebar, select **Settings > Network**. +1. Expand **Users API rate limit**. +1. In the **Maximum requests per 10 minutes** text box, enter the new value. +1. Optional. In the **Users to exclude from the rate limit** box, list users allowed to exceed the limit. +1. Select **Save changes**. + +This limit is: + +- Applied independently per user. +- Not applied per IP address. + +The default value is `300`. + +Requests over the rate limit are logged into the `auth.log` file. + +For example, if you set a limit of 300, requests to the `GET /users/:id` API endpoint +exceeding a rate of 300 per 10 minutes are blocked. Access to the endpoint is allowed after ten minutes have elapsed. diff --git a/doc/user/admin_area/settings/sign_in_restrictions.md b/doc/user/admin_area/settings/sign_in_restrictions.md index 52b20d5b437..c63cd88eeb4 100644 --- a/doc/user/admin_area/settings/sign_in_restrictions.md +++ b/doc/user/admin_area/settings/sign_in_restrictions.md @@ -38,7 +38,7 @@ they do not have access to all projects, groups, or the **Admin Area** menu. To access potentially dangerous resources, an administrator can activate Admin Mode by: - Selecting the *Enable Admin Mode* button -- Trying to access any part of the UI that requires an administrator role, specifically those which call `/admin` endpoints. +- Trying to access any part of the UI that requires administrator access, specifically those which call `/admin` endpoints. The main use case allows administrators to perform their regular tasks as a regular user, based on their memberships, without having to set up a second account for diff --git a/doc/user/admin_area/settings/user_and_ip_rate_limits.md b/doc/user/admin_area/settings/user_and_ip_rate_limits.md index d713ef4b4e0..88be73c3215 100644 --- a/doc/user/admin_area/settings/user_and_ip_rate_limits.md +++ b/doc/user/admin_area/settings/user_and_ip_rate_limits.md @@ -22,6 +22,11 @@ NOTE: By default, all Git operations are first tried unauthenticated. Because of this, HTTP Git operations may trigger the rate limits configured for unauthenticated requests. +NOTE: +[In GitLab 14.8 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/344807), +the rate limits for API requests don't affect requests made by the frontend, as these are always +counted as web traffic. + ## Enable unauthenticated API request rate limit To enable the unauthenticated request rate limit: diff --git a/doc/user/admin_area/settings/visibility_and_access_controls.md b/doc/user/admin_area/settings/visibility_and_access_controls.md index 82e0d3d27d4..c38b2455a8d 100644 --- a/doc/user/admin_area/settings/visibility_and_access_controls.md +++ b/doc/user/admin_area/settings/visibility_and_access_controls.md @@ -7,12 +7,12 @@ type: reference # Control access and visibility **(FREE SELF)** -GitLab enables users with the [Administrator role](../../permissions.md) to enforce +GitLab enables users with administrator access to enforce specific controls on branches, projects, snippets, groups, and more. To access the visibility and access control options: -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -29,7 +29,7 @@ or configure [branch protection for groups](../../group/index.md#change-the-defa To change the default branch protection for the entire instance: -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -55,7 +55,7 @@ can be overridden on a per-group basis by the group's owner. In [GitLab Premium or higher](https://about.gitlab.com/pricing/), GitLab administrators can disable this privilege for group owners, enforcing the instance-level protection rule: -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -71,7 +71,7 @@ Instance-level protections for project creation define which roles can [add projects to a group](../../group/index.md#specify-who-can-add-projects-to-a-group) on the instance. To alter which roles have permission to create projects: -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -84,9 +84,9 @@ on the instance. To alter which roles have permission to create projects: ## Restrict project deletion to Administrators **(PREMIUM SELF)** Anyone with the **Owner** role, either at the project or group level, can -delete a project. To allow only users with the Administrator role to delete projects: +delete a project. To allow only users with administrator access to delete projects: -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -137,7 +137,7 @@ Alternatively, projects that are marked for removal can be deleted immediately. To set the default [visibility levels for new projects](../../../public_access/public_access.md): -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -152,7 +152,7 @@ To set the default [visibility levels for new projects](../../../public_access/p To set the default visibility levels for new [snippets](../../snippets.md): -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -166,7 +166,7 @@ For more details on snippet visibility, read To set the default visibility levels for new groups: -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -183,7 +183,7 @@ For more details on group visibility, see To restrict visibility levels for projects, snippets, and selected pages: -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -200,7 +200,7 @@ For more details on project visibility, see You can specify from which hosting sites users can [import their projects](../../project/import/index.md): -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -212,7 +212,7 @@ You can specify from which hosting sites users can [import their projects](../.. To enable the export of [projects and their data](../../../user/project/settings/import_export.md#export-a-project-and-its-data): -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -228,7 +228,7 @@ The GitLab restrictions apply at the application level. To specify the enabled Git access protocols: -1. Sign in to GitLab as a user with [Administrator role](../../permissions.md). +1. Sign in to GitLab as a user with Administrator access level. 1. On the top bar, select **Menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. @@ -280,7 +280,7 @@ NOTE: SSH clone URLs can be customized in `gitlab.rb` by setting `gitlab_rails['gitlab_ssh_host']` and other related settings. -## Configure defaults for RSA, DSA, ECDSA, ED25519 SSH keys +## Configure defaults for RSA, DSA, ECDSA, ED25519, ECDSA_SK, ED25519_SK SSH keys These options specify the permitted types and lengths for SSH keys. |