diff options
Diffstat (limited to 'doc/user/custom_roles.md')
| -rw-r--r-- | doc/user/custom_roles.md | 38 |
1 files changed, 8 insertions, 30 deletions
diff --git a/doc/user/custom_roles.md b/doc/user/custom_roles.md index 1f3628efa39..07e14494ada 100644 --- a/doc/user/custom_roles.md +++ b/doc/user/custom_roles.md @@ -1,21 +1,15 @@ --- stage: Govern -group: Authentication +group: Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Custom roles **(ULTIMATE ALL)** -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106256) in GitLab 15.7 [with a flag](../administration/feature_flags.md) named `customizable_roles`. +> - [Custom roles feature introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106256) in GitLab 15.7 [with a flag](../administration/feature_flags.md) named `customizable_roles`. > - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110810) in GitLab 15.9. > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114524) in GitLab 15.10. -> - The ability for a custom role to view a vulnerability report [introduced](https://gitlab.com/groups/gitlab-org/-/epics/10160) in GitLab 16.1 [with a flag](../administration/feature_flags.md) named `custom_roles_vulnerability`. -> - Ability to view a vulnerability report [enabled by default](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123835) in GitLab 16.1. -> - [Feature flag `custom_roles_vulnerability` removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124049) in GitLab 16.2. > - Ability to create and remove a custom role with the UI [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/393235) in GitLab 16.4. -> - Ability to manage group members [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/17364) in GitLab 16.5. -> - Ability to manage project access tokens [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/421778) in GitLab 16.5 [with a flag](../administration/feature_flags.md) named `manage_project_access_tokens`. -> - Ability to archive projects [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/425957) in GitLab 16.7. > - Ability to use the UI to add a user to your group with a custom role, change a user's custom role, or remove a custom role from a group member [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/393239) in GitLab 16.7. Custom roles allow group Owners or instance administrators to create roles @@ -26,6 +20,10 @@ For a demo of the custom roles feature, see [[Demo] Ultimate Guest can view code You can discuss individual custom role and permission requests in [issue 391760](https://gitlab.com/gitlab-org/gitlab/-/issues/391760). +## Available permissions + +For more information on available permissions, see [custom abilities](custom_roles/abilities.md). + ## Create a custom role Prerequisites: @@ -96,26 +94,6 @@ In **Settings > Roles and Permissions**, the list of all custom roles displays t To create a custom role, you can also [use the API](../api/member_roles.md#add-a-member-role-to-a-group). -### Available permissions - -The following permissions are available. You can add these permissions in any combination -to a base role to create a custom role. - -Some permissions require having other permissions enabled first. For example, administration of vulnerabilities (`admin_vulnerability`) can only be enabled if reading vulnerabilities (`read_vulnerability`) is also enabled. - -These requirements are documented in the `Required permission` column in the following table. - -| Permission | Version | Required permission | Description | -| ------------------------------- | -----------------------| -------------------- | ----------- | -| `read_code` | GitLab 15.7 and later | Not applicable | View project code. Does not include the ability to pull code. | -| `read_vulnerability` | GitLab 16.1 and later | Not applicable | View [vulnerability reports](application_security/vulnerability_report/index.md). | -| `admin_vulnerability` | GitLab 16.1 and later | `read_vulnerability` | Change the [status of vulnerabilities](application_security/vulnerabilities/index.md#vulnerability-status-values). | -| `read_dependency` | GitLab 16.3 and later | Not applicable | View [project dependencies](application_security/dependency_list/index.md). | -| `admin_merge_request` | GitLab 16.4 and later | Not applicable | View and approve [merge requests](project/merge_requests/index.md), revoke merge request approval, and view the associated merge request code. <br> Does not allow users to view or change merge request approval rules. | -| `manage_project_access_tokens` | GitLab 16.5 and later | Not applicable | Create, delete, and list [project access tokens](project/settings/project_access_tokens.md). | -| `admin_group_member` | GitLab 16.5 and later | Not applicable | Add or remove [group members](group/manage.md). | -| `archive_project` | GitLab 16.6 and later | Not applicable | Archive and unarchive [projects](project/settings/migrate_projects.md#archive-a-project). | - ## Billing and seat usage When you enable a custom role for a user with the Guest role, that user has @@ -219,8 +197,8 @@ To remove a custom role from a group member: 1. Select the **Max role** dropdown list for the member you want to remove a custom role from. 1. On the **Change role** dialog, select a static role. -You can update or remove a custom role from a group member also with the [Group and Project Members API endpoint](../api/members.md#edit-a-member-of-a-group-or-project). -and pass an empty `member_role_id` value: +You can also use the [Group and Project Members API endpoint](../api/members.md#edit-a-member-of-a-group-or-project) +to update or remove a custom role from a group member by passing an empty `member_role_id` value: ```shell # to update a project membership |