gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'doc/user/permissions.md')
-rw-r--r-- doc/user/permissions.md 54
1 files changed, 35 insertions, 19 deletions
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index 10147e7f69c..eb79d5099eb 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -33,8 +33,13 @@ usernames. A GitLab administrator can configure the GitLab instance to
## Project members permissions
-The Owner role is only available at the group or personal namespace level (and for instance administrators) and is inherited by its projects.
-While Maintainer is the highest project-level role, some actions can only be performed by a personal namespace or group owner, or an instance administrator, who receives all permissions.
+A user's role determines what permissions they have on a project. The Owner role provides all permissions but is
+available only:
+
+- For group owners. The role is inherited for a group's projects.
+- For Administrators.
+
+Personal namespace owners have the same permissions as an Owner, but are displayed with the Maintainer role on projects created in their personal namespace.
For more information, see [projects members documentation](project/members/index.md).
The following table lists project permissions available for each role:
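Review bot: The added sentence on personal namespace owners says they hold Owner permissions but are displayed as Maintainer, so the role shown on such a project understates the user's effective access; state that consequence directly, because anyone reviewing membership will read the displayed role as the real one. The list under "available only:" is also circular as worded ("The Owner role ... is available only ... For group owners"); something like "To users with the Owner role on the group" would read better. The removed text said Maintainer is the highest project-level role, and nothing in the replacement carries that over.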
@@ -70,7 +75,7 @@ The following table lists project permissions available for each role:
| [CI/CD](../ci/index.md):<br>Manage job triggers | | | | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Manage runners | | | | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Run Web IDE's Interactive Web Terminals **(ULTIMATE ONLY)** | | | | ✓ | ✓ |
-| [CI/CD](../ci/index.md):<br>Use [environment terminals](../ci/environments/index.md#web-terminals) | | | | ✓ | ✓ |
+| [CI/CD](../ci/index.md):<br>Use [environment terminals](../ci/environments/index.md#web-terminals-deprecated) | | | | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Delete pipelines | | | | | ✓ |
| [Clusters](infrastructure/clusters/index.md):<br>View [pod logs](project/clusters/kubernetes_pod_logs.md) | | | ✓ | ✓ | ✓ |
| [Clusters](infrastructure/clusters/index.md):<br>Manage clusters | | | | ✓ | ✓ |
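Review bot: The "environment terminals" row now links to `#web-terminals-deprecated`, but the diffstat shows only `doc/user/permissions.md` changed, so the target heading in `../ci/environments/index.md` must already exist under that anchor or the link breaks. The row itself also gives no hint that the feature is deprecated; if the anchor name reflects the feature's status, say so in the row text so readers do not grant Maintainer access for a feature that is going away.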
@@ -81,6 +86,15 @@ The following table lists project permissions available for each role:
| [GitLab Pages](project/pages/index.md):<br>Manage | | | | ✓ | ✓ |
| [GitLab Pages](project/pages/index.md):<br>Manage GitLab Pages domains and certificates | | | | ✓ | ✓ |
| [GitLab Pages](project/pages/index.md):<br>Remove GitLab Pages | | | | ✓ | ✓ |
+| [Incident Management](../operations/incident_management/index.md):<br>View [alerts](../operations/incident_management/alerts.md) | | ✓ | ✓ | ✓ | ✓ |
+| [Incident Management](../operations/incident_management/index.md):<br>Assign an alert | ✓| ✓ | ✓ | ✓ | ✓ |
+| [Incident Management](../operations/incident_management/index.md):<br>View [incident](../operations/incident_management/incidents.md) | ✓| ✓ | ✓ | ✓ | ✓ |
+| [Incident Management](../operations/incident_management/index.md):<br>Create [incident](../operations/incident_management/incidents.md) | (*17*) | ✓ | ✓ | ✓ | ✓ |
+| [Incident Management](../operations/incident_management/index.md):<br>View [on-call schedules](../operations/incident_management/oncall_schedules.md) | | ✓ | ✓ | ✓ | ✓ |
+| [Incident Management](../operations/incident_management/index.md):<br>Participate in on-call rotation | ✓| ✓ | ✓ | ✓ | ✓ |
+| [Incident Management](../operations/incident_management/index.md):<br>View [escalation policies](../operations/incident_management/escalation_policies.md) | | ✓ | ✓ | ✓ | ✓ |
+| [Incident Management](../operations/incident_management/index.md):<br>Manage [on-call schedules](../operations/incident_management/oncall_schedules.md) | | | | ✓ | ✓ |
+| [Incident Management](../operations/incident_management/index.md):<br>Manage [escalation policies](../operations/incident_management/escalation_policies.md)| | | | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Add Labels | ✓ (*16*) | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Assign | ✓ (*16*) | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Create | ✓ | ✓ | ✓ | ✓ | ✓ |
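Review bot: In the new Incident Management rows the first role column (Guest, going by the footnotes) is inconsistent: "Assign an alert" has ✓ while "View alerts" is empty, and "Participate in on-call rotation" has ✓ while "View on-call schedules" is empty, which documents a role that can act on objects it cannot see. Please confirm these against the actual policy and correct whichever side is wrong. The "Create incident" cell holds only `(*17*)` with no ✓, unlike the `✓ (*16*)` pattern in the Issues rows below, so it is unclear whether the cell means allowed or denied. The `| ✓|` cells are also missing the space before the pipe.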
@@ -140,7 +154,7 @@ The following table lists project permissions available for each role:
| [Projects](project/index.md):<br>Add new team members | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Change [project features visibility](../public_access/public_access.md) level | | | | ✓ (14) | ✓ |
| [Projects](project/index.md):<br>Configure [webhooks](project/integrations/webhooks.md) | | | | ✓ | ✓ |
-| [Projects](project/index.md):<br>Delete [wiki](project/wiki/index.md) pages | | | | ✓ | ✓ |
+| [Projects](project/index.md):<br>Delete [wiki](project/wiki/index.md) pages | | | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>Edit comments (posted by any user) | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Edit project badges | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Edit project settings | | | | ✓ | ✓ |
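Review bot: The "Delete wiki pages" row adds ✓ in the Developer column, which widens a destructive permission to a lower role, yet the row carries no version qualifier. The footnote added elsewhere in this patch uses "In GitLab 14.5 or later" for a behaviour change; do the same here (and for the group wiki row later in the patch) so administrators on older versions do not assume Developers can already delete pages, and so those upgrading know to review who holds the Developer role.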
@@ -169,7 +183,7 @@ The following table lists project permissions available for each role:
| [Repository](project/repository/index.md):<br>Enable or disable branch protection | | | | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Enable or disable tag protection | | | | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Manage [push rules](../push_rules/push_rules.md) | | | | ✓ | ✓ |
-| [Repository](project/repository/index.md):<br>Push to protected branches | | | | ✓ | ✓ |
+| [Repository](project/repository/index.md):<br>Push to protected branches (*5*) | | | | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Turn on or off protected branch push for developers | | | | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Remove fork relationship | | | | | ✓ |
| [Repository](project/repository/index.md):<br>Force push to protected branches (*4*) | | | | | |
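Review bot: The `(*5*)` marker is attached to the row label "Push to protected branches" while the Developer cell stays empty, but footnote 5 says the outcome "depends on the access Developers and Maintainers are given". As written the table still reads as "Developers can never push to protected branches". Put the marker in the Developer and Maintainer cells, as the Issues rows do with `✓ (*16*)`, so the conditional applies to the roles it describes.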
@@ -202,7 +216,7 @@ The following table lists project permissions available for each role:
1. If **Public pipelines** is enabled in **Project Settings > CI/CD**.
1. Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/protected_branches.md).
1. If the [branch is protected](project/protected_branches.md), this depends on the access Developers and Maintainers are given.
-1. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see repository information like tags and commits.
+1. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see [repository information like commits and release evidence](project/releases/index.md#view-a-release-and-download-assets).
1. Actions are limited only to records owned (referenced) by user.
1. When [Share Group Lock](group/index.md#prevent-a-project-from-being-shared-with-groups) is enabled the project can't be shared with other groups. It does not affect group with group sharing.
1. For information on eligible approvers for merge requests, see
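Review bot: The rewritten Guest footnote drops "tags" from the list of repository information Guests cannot see ("tags and commits" becomes "commits and release evidence"). If Guests can now see tags, that is a change in what the role exposes and should be stated; if they still cannot, keep "tags" in the sentence. Also consider shortening the link text, which currently wraps the whole phrase "repository information like commits and release evidence".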
@@ -216,7 +230,9 @@ The following table lists project permissions available for each role:
[project visibility](../public_access/public_access.md) is set to private.
1. Attached design files are moved together with the issue even if the user doesn't have the
Developer role.
-1. Guest users can set metadata (for example, labels, assignees, or milestones) when creating an issue.
+1. Guest users can only set metadata (for example, labels, assignees, or milestones)
+ when creating an issue. They cannot change the metadata on existing issues.
+1. In GitLab 14.5 or later, Guests are not allowed to [create incidents](../operations/incident_management/incidents.md#incident-creation).
## Project features permissions
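Review bot: In the reworded footnote, "Guest users can only set metadata ... when creating an issue" places "only" so that it can be read as "setting metadata is the only thing Guests can do"; "Guest users can set metadata (...) only when creating an issue" removes the ambiguity. The new incident footnote says what Guests cannot do in 14.5 or later but not what applied before, so a reader on an older version cannot tell whether the "Create incident" cell is a ✓ for them.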
@@ -305,7 +321,7 @@ The following table lists group permissions available for each role:
| Use security dashboard **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| View group Audit Events | | | ✓ (7) | ✓ (7) | ✓ |
| Create subgroup | | | | ✓ (1) | ✓ |
-| Delete group wiki pages **(PREMIUM)** | | | | ✓ | ✓ |
+| Delete group wiki pages **(PREMIUM)** | | | ✓ | ✓ | ✓ |
| Edit epic comments (posted by any user) **(ULTIMATE)** | | | | ✓ (2) | ✓ (2) |
| List group deploy tokens | | | | ✓ | ✓ |
| Manage [group push rules](group/index.md#group-push-rules) **(PREMIUM)** | | | | ✓ | ✓ |
@@ -384,8 +400,10 @@ An administrator can flag a user as external by either of the following methods:
1. On the left sidebar, select **Overview > Users** to create a new user or edit an existing one.
There, you can find the option to flag the user as external.
-Additionally users can be set as external users using [SAML groups](../integration/saml.md#external-groups)
-and [LDAP groups](../administration/auth/ldap/index.md#external-groups).
+Additionally users can be set as external users using:
+
+- [SAML groups](../integration/saml.md#external-groups).
+- [LDAP groups](../administration/auth/ldap/ldap_synchronization.md#external-groups).
### Setting new users to external
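Review bot: "Additionally users can be set as external users using:" needs a comma after "Additionally", and "set as external users using" is clumsy; "Additionally, users can be set as external by using:" reads better. The LDAP link moves to `ldap_synchronization.md#external-groups`, a file this patch does not touch, so check that the anchor exists there.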
@@ -416,7 +434,7 @@ Be aware that this regex could lead to a
## Free Guest users **(ULTIMATE)**
-When a user is given Guest permissions on a project, group, or both, and holds no
+When a user is given the Guest role on a project, group, or both, and holds no
higher permission level on any other project or group on the GitLab instance,
the user is considered a guest user by GitLab and does not consume a license seat.
There is no other specific "guest" designation for newly created users.
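Review bot: The first line now says "the Guest role" but the next line still says "no higher permission level", so the paragraph mixes the two terms the patch is trying to separate. Change the second line to "no higher role" to match, since seat consumption here is decided by role.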
@@ -466,22 +484,20 @@ subscriptions.
Project features like wiki and issues can be hidden from users depending on
which visibility level you select on project settings.
-- Disabled: disabled for everyone
-- Only team members: only team members will see even if your project is public or internal
-- Everyone with access: everyone can see depending on your project visibility level
-- Everyone: enabled for everyone (only available for GitLab Pages)
+- Disabled: disabled for everyone.
+- Only team members: only team members can see, even if your project is public or internal.
+- Everyone with access: everyone can see depending on your project visibility level.
+- Everyone: enabled for everyone (only available for GitLab Pages).
## GitLab CI/CD permissions
-GitLab CI/CD permissions rely on the role the user has in GitLab. There are four
-roles:
+GitLab CI/CD permissions rely on the role the user has in GitLab:
-- Administrator
- Maintainer
- Developer
- Guest/Reporter
-The Administrator role can perform any action on GitLab CI/CD in scope of the GitLab
+GitLab administrators can perform any action on GitLab CI/CD in scope of the GitLab
instance and project.
| Action | Guest, Reporter | Developer |Maintainer| Administrator |
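Review bot: The role list drops "Administrator" and the sentence "There are four roles", but the table header that follows still has an Administrator column, so the list (three entries) and the table (four columns) no longer agree. Either keep administrators in the list with a note that it is not a role, or add a sentence before the table explaining the extra column. In the visibility list, "only team members can see" has no object; "can see the feature" would complete it.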