---
stage: Manage
group: Access
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---

# Permissions and roles

Users have different abilities depending on the role they have in a
particular group or project. If a user is both in a project's group and the
project itself, the highest role is used.

On [public and internal projects](../api/projects.md#project-visibility-level), the Guest role
(not to be confused with [Guest user](#free-guest-users)) is not enforced.

When a member leaves a team's project, all the assigned [issues](project/issues/index.md) and
[merge requests](project/merge_requests/index.md) are automatically unassigned.

GitLab [administrators](../administration/index.md) receive all permissions.

To add or import a user, you can follow the
[project members documentation](project/members/index.md).

## Principles behind permissions

See our [product handbook on permissions](https://about.gitlab.com/handbook/product/gitlab-the-product/#permissions-in-gitlab).

## Instance-wide user permissions

By default, users can create top-level groups and change their
usernames. A GitLab administrator can configure the GitLab instance to
[modify this behavior](../administration/user_settings.md).

## Project members permissions

The Owner role is only available at the group or personal namespace level (and for instance administrators) and is inherited by its projects.
While Maintainer is the highest project-level role, some actions can only be performed by a personal namespace or group owner, or an instance administrator, who receives all permissions.
For more information, see [projects members documentation](project/members/index.md).

The following table lists project permissions available for each role:

<!-- Keep this table sorted: By topic first, then by minimum role, then alphabetically. -->

| Action | Guest | Reporter | Developer | Maintainer | Owner |
|--------|-------|----------|-----------|------------|-------|
| [Analytics](analytics/index.md):<br>View issue analytics **(PREMIUM)** | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Analytics](analytics/index.md):<br>View [merge request analytics](analytics/merge_request_analytics.md) **(PREMIUM)** | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Analytics](analytics/index.md):<br>View value stream analytics | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Analytics](analytics/index.md):<br>View [DORA metrics](analytics/ci_cd_analytics.md) | | ✓ | ✓ | ✓ | ✓ |
| [Analytics](analytics/index.md):<br>View [CI/CD analytics](analytics/ci_cd_analytics.md) | | ✓ | ✓ | ✓ | ✓ |
| [Analytics](analytics/index.md):<br>View [code review analytics](analytics/code_review_analytics.md) **(PREMIUM)** | | ✓ | ✓ | ✓ | ✓ |
| [Analytics](analytics/index.md):<br>View [repository analytics](analytics/repository_analytics.md) | | ✓ | ✓ | ✓ | ✓ |
| [Application security](application_security/index.md):<br>View licenses in [dependency list](application_security/dependency_list/index.md) **(ULTIMATE)** | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| [Application security](application_security/index.md):<br>Create and run [on-demand DAST scans](application_security/dast/index.md#on-demand-scans) **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Application security](application_security/index.md):<br>Manage [security policy](application_security/policies/index.md) **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Application security](application_security/index.md):<br>View [dependency list](application_security/dependency_list/index.md) **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Application security](application_security/index.md):<br>View [threats list](application_security/threat_monitoring/index.md#threat-monitoring) **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Application security](application_security/index.md):<br>Create a [CVE ID Request](application_security/cve_id_request.md) **(FREE SAAS)** | | | | ✓ | ✓ |
| [Application security](application_security/index.md):<br>Create or assign [security policy project](application_security/policies/index.md) **(ULTIMATE)** | | | | | ✓ |
| [CI/CD](../ci/index.md):<br>Download and browse job artifacts | ✓ (*3*) | ✓ | ✓ | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>View a job log | ✓ (*3*) | ✓ | ✓ | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>View list of jobs | ✓ (*3*) | ✓ | ✓ | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>View [environments](../ci/environments/index.md) | | ✓ | ✓ | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Cancel and retry jobs | | | ✓ | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Create new [environments](../ci/environments/index.md) | | | ✓ | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Run CI/CD pipeline against a protected branch | | | ✓ (*5*) | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Stop [environments](../ci/environments/index.md) | | | ✓ | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>View a job with [debug logging](../ci/variables/index.md#debug-logging) | | | ✓ | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Manage CI/CD variables | | | | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Manage job triggers | | | | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Manage runners | | | | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Run Web IDE's Interactive Web Terminals **(ULTIMATE ONLY)** | | | | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Use [environment terminals](../ci/environments/index.md#web-terminals-deprecated) | | | | ✓ | ✓ |
| [CI/CD](../ci/index.md):<br>Delete pipelines | | | | | ✓ |
| [Clusters](infrastructure/clusters/index.md):<br>View [pod logs](project/clusters/kubernetes_pod_logs.md) | | | ✓ | ✓ | ✓ |
| [Clusters](infrastructure/clusters/index.md):<br>Manage clusters | | | | ✓ | ✓ |
| [Container Registry](packages/container_registry/index.md):<br>Create, edit, delete cleanup policies | | | ✓ | ✓ | ✓ |
| [Container Registry](packages/container_registry/index.md):<br>Remove a container registry image | | | ✓ | ✓ | ✓ |
| [Container Registry](packages/container_registry/index.md):<br>Update container registry | | | ✓ | ✓ | ✓ |
| [GitLab Pages](project/pages/index.md):<br>View Pages protected by [access control](project/pages/introduction.md#gitlab-pages-access-control) | ✓ | ✓ | ✓ | ✓ | ✓ |
| [GitLab Pages](project/pages/index.md):<br>Manage | | | | ✓ | ✓ |
| [GitLab Pages](project/pages/index.md):<br>Manage GitLab Pages domains and certificates | | | | ✓ | ✓ |
| [GitLab Pages](project/pages/index.md):<br>Remove GitLab Pages | | | | ✓ | ✓ |
| [Incident Management](../operations/incident_management/index.md):<br>View [alerts](../operations/incident_management/alerts.md) | | ✓ | ✓ | ✓ | ✓ |
| [Incident Management](../operations/incident_management/index.md):<br>Assign an alert | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Incident Management](../operations/incident_management/index.md):<br>View [incident](../operations/incident_management/incidents.md) | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Incident Management](../operations/incident_management/index.md):<br>Create [incident](../operations/incident_management/incidents.md) | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Incident Management](../operations/incident_management/index.md):<br>View [on-call schedules](../operations/incident_management/oncall_schedules.md) | | ✓ | ✓ | ✓ | ✓ |
| [Incident Management](../operations/incident_management/index.md):<br>Participate in on-call rotation | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Incident Management](../operations/incident_management/index.md):<br>View [escalation policies](../operations/incident_management/escalation_policies.md) | | ✓ | ✓ | ✓ | ✓ |
| [Incident Management](../operations/incident_management/index.md):<br>Manage [on-call schedules](../operations/incident_management/oncall_schedules.md) | | | | ✓ | ✓ |
| [Incident Management](../operations/incident_management/index.md):<br>Manage [escalation policies](../operations/incident_management/escalation_policies.md) | | | | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Add Labels | ✓ (*16*) | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Assign | ✓ (*16*) | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Create | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Create [confidential issues](project/issues/confidential_issues.md) | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>View [Design Management](project/issues/design_management.md) pages | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>View related issues | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Set weight | ✓ (*16*) | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>View [confidential issues](project/issues/confidential_issues.md) | (*2*) | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Lock threads | | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Manage related issues | | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Manage tracker | | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Move issues (*15*) | | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Set issue [time tracking](project/time_tracking.md) estimate and time spent | | ✓ | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Upload [Design Management](project/issues/design_management.md) files | | | ✓ | ✓ | ✓ |
| [Issues](project/issues/index.md):<br>Delete | | | | | ✓ |
| [License Compliance](compliance/license_compliance/index.md):<br>View allowed and denied licenses **(ULTIMATE)** | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| [License Compliance](compliance/license_compliance/index.md):<br>View License Compliance reports **(ULTIMATE)** | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| [License Compliance](compliance/license_compliance/index.md):<br>View License list **(ULTIMATE)** | | ✓ | ✓ | ✓ | ✓ |
| [License Compliance](compliance/license_compliance/index.md):<br>Manage license policy **(ULTIMATE)** | | | | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Assign reviewer | | ✓ | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>See list | | ✓ | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Apply code change suggestions | | | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Approve (*9*) | | | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Assign | | | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Create | | | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Add labels | | | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Lock threads | | | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Manage or accept | | | ✓ | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Manage merge approval rules (project settings) | | | | ✓ | ✓ |
| [Merge requests](project/merge_requests/index.md):<br>Delete | | | | | ✓ |
| [Metrics dashboards](../operations/metrics/dashboards/index.md):<br>Manage user-starred metrics dashboards (*7*) | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Metrics dashboards](../operations/metrics/dashboards/index.md):<br>View metrics dashboard annotations | | ✓ | ✓ | ✓ | ✓ |
| [Metrics dashboards](../operations/metrics/dashboards/index.md):<br>Create/edit/delete metrics dashboard annotations | | | ✓ | ✓ | ✓ |
| [Package registry](packages/index.md):<br>Pull package | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| [Package registry](packages/index.md):<br>Publish package | | | ✓ | ✓ | ✓ |
| [Package registry](packages/index.md):<br>Delete package | | | | ✓ | ✓ |
| [Project operations](../operations/index.md):<br>View [Error Tracking](../operations/error_tracking.md) list | | ✓ | ✓ | ✓ | ✓ |
| [Project operations](../operations/index.md):<br>Manage [Feature Flags](../operations/feature_flags.md) **(PREMIUM)** | | | ✓ | ✓ | ✓ |
| [Project operations](../operations/index.md):<br>Manage [Error Tracking](../operations/error_tracking.md) | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Download project | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>Leave comments | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>Reposition comments on images (posted by any user) | ✓ (*10*) | ✓ (*10*) | ✓ (*10*) | ✓ | ✓ |
| [Projects](project/index.md):<br>View Insights **(ULTIMATE)** | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>View [releases](project/releases/index.md) | ✓ (*6*) | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>View Requirements **(ULTIMATE)** | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>View [time tracking](project/time_tracking.md) reports | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>View [wiki](project/wiki/index.md) pages | ✓ | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>Create [snippets](snippets.md) | | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>Manage labels | | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>View [project traffic statistics](../api/project_statistics.md) | | ✓ | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>Create, edit, delete [milestones](project/milestones/index.md). | | | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>Create, edit, delete [releases](project/releases/index.md) | | | ✓ (*13*) | ✓ (*13*) | ✓ (*13*) |
| [Projects](project/index.md):<br>Create, edit [wiki](project/wiki/index.md) pages | | | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>Enable Review Apps | | | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>View project [Audit Events](../administration/audit_events.md) | | | ✓ (*11*) | ✓ | ✓ |
| [Projects](project/index.md):<br>Add deploy keys | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Add new team members | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Change [project features visibility](../public_access/public_access.md) level | | | | ✓ (*14*) | ✓ |
| [Projects](project/index.md):<br>Configure [webhooks](project/integrations/webhooks.md) | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Delete [wiki](project/wiki/index.md) pages | | | ✓ | ✓ | ✓ |
| [Projects](project/index.md):<br>Edit comments (posted by any user) | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Edit project badges | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Edit project settings | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Export project | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Manage [project access tokens](project/settings/project_access_tokens.md) **(FREE SELF)** **(PREMIUM SAAS)** (*12*) | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Manage [Project Operations](../operations/index.md) | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Share (invite) projects with groups | | | | ✓ (*8*) | ✓ (*8*) |
| [Projects](project/index.md):<br>View 2FA status of members | | | | ✓ | ✓ |
| [Projects](project/index.md):<br>Administer project compliance frameworks | | | | | ✓ |
| [Projects](project/index.md):<br>Archive project | | | | | ✓ |
| [Projects](project/index.md):<br>Change project visibility level | | | | | ✓ |
| [Projects](project/index.md):<br>Delete project | | | | | ✓ |
| [Projects](project/index.md):<br>Disable notification emails | | | | | ✓ |
| [Projects](project/index.md):<br>Rename project | | | | | ✓ |
| [Projects](project/index.md):<br>Transfer project to another namespace | | | | | ✓ |
| [Repository](project/repository/index.md):<br>Pull project code | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>View project code | ✓ (*1*) | ✓ | ✓ | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>View a commit status | | ✓ | ✓ | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Add tags | | | ✓ | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Create new branches | | | ✓ | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Create or update commit status | | | ✓ (*5*) | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Force push to non-protected branches | | | ✓ | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Push to non-protected branches | | | ✓ | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Remove non-protected branches | | | ✓ | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Rewrite or remove Git tags | | | ✓ | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Enable or disable branch protection | | | | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Enable or disable tag protection | | | | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Manage [push rules](../push_rules/push_rules.md) | | | | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Push to protected branches (*5*) | | | | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Turn on or off protected branch push for developers | | | | ✓ | ✓ |
| [Repository](project/repository/index.md):<br>Remove fork relationship | | | | | ✓ |
| [Repository](project/repository/index.md):<br>Force push to protected branches (*4*) | | | | | |
| [Repository](project/repository/index.md):<br>Remove protected branches (*4*) | | | | | |
| [Requirements Management](project/requirements/index.md):<br>Archive / reopen **(ULTIMATE)** | | ✓ | ✓ | ✓ | ✓ |
| [Requirements Management](project/requirements/index.md):<br>Create / edit **(ULTIMATE)** | | ✓ | ✓ | ✓ | ✓ |
| [Requirements Management](project/requirements/index.md):<br>Import / export **(ULTIMATE)** | | ✓ | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>View Security reports **(ULTIMATE)** | ✓ (*3*) | ✓ | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>Create issue from vulnerability finding **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>Create vulnerability from vulnerability finding **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>Dismiss vulnerability **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>Dismiss vulnerability finding **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>Resolve vulnerability **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>Revert vulnerability to detected state **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>Use security dashboard **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>View vulnerability **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Security dashboard](application_security/security_dashboard/index.md):<br>View vulnerability findings in [dependency list](application_security/dependency_list/index.md) **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| [Terraform](infrastructure/index.md):<br>Read Terraform state | | | ✓ | ✓ | ✓ |
| [Terraform](infrastructure/index.md):<br>Manage Terraform state | | | | ✓ | ✓ |
| [Test cases](../ci/test_cases/index.md):<br>Archive | | ✓ | ✓ | ✓ | ✓ |
| [Test cases](../ci/test_cases/index.md):<br>Create | | ✓ | ✓ | ✓ | ✓ |
| [Test cases](../ci/test_cases/index.md):<br>Move | | ✓ | ✓ | ✓ | ✓ |
| [Test cases](../ci/test_cases/index.md):<br>Reopen | | ✓ | ✓ | ✓ | ✓ |


1. On self-managed GitLab instances, guest users are able to perform this action only on
   public and internal projects (not on private projects). [External users](#external-users)
   must be given explicit access even if the project is internal. For GitLab.com, see the
   [GitLab.com visibility settings](gitlab_com/index.md#visibility-settings).
1. Guest users can only view the [confidential issues](project/issues/confidential_issues.md) they created themselves.
1. If **Public pipelines** is enabled in **Project Settings > CI/CD**.
1. Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/protected_branches.md).
1. If the [branch is protected](project/protected_branches.md), this depends on the access Developers and Maintainers are given.
1. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see repository information like tags and commits.
1. Actions are limited only to records owned (referenced) by user.
1. When [Share Group Lock](group/index.md#prevent-a-project-from-being-shared-with-groups) is enabled the project can't be shared with other groups. It does not affect group with group sharing.
1. For information on eligible approvers for merge requests, see
   [Eligible approvers](project/merge_requests/approvals/rules.md#eligible-approvers).
1. Applies only to comments on [Design Management](project/issues/design_management.md) designs.
1. Users can only view events based on their individual actions.
1. Project access tokens are supported for self-managed instances on Free and above. They are also
   supported on GitLab SaaS Premium and above (excluding [trial licenses](https://about.gitlab.com/free-trial/)).
1. If the [tag is protected](#release-permissions-with-protected-tags), this depends on the access Developers and Maintainers are given.
1. A Maintainer can't change project features visibility level if
   [project visibility](../public_access/public_access.md) is set to private.
1. Attached design files are moved together with the issue even if the user doesn't have the
   Developer role.
1. Guest users can set metadata (for example, labels, assignees, or milestones) when creating an issue.

## Project features permissions

### Wiki and issues

Project features like [wikis](project/wiki/index.md) and issues can be hidden from users depending on
which visibility level you select on project settings.

- Disabled: disabled for everyone
- Only team members: only team members can see even if your project is public or internal
- Everyone with access: everyone can see depending on your project's visibility level
- Everyone: enabled for everyone (only available for GitLab Pages)

### Protected branches

Additional restrictions can be applied on a per-branch basis with [protected branches](project/protected_branches.md).
Additionally, you can customize permissions to allow or prevent project
Maintainers and Developers from pushing to a protected branch. Read through the documentation on
[protected branches](project/protected_branches.md)
to learn more.

### Value Stream Analytics permissions

Find the current permissions on the Value Stream Analytics dashboard, as described in
[related documentation](analytics/value_stream_analytics.md#permissions).

### Issue board permissions

Find the current permissions for interacting with the issue board feature in the
[issue boards permissions page](project/issue_board.md#permissions).

### File Locking permissions **(PREMIUM)**

The user that locks a file or directory is the only one that can edit and push their changes back to the repository where the locked objects are located.

Read through the documentation on [permissions for File Locking](project/file_lock.md#permissions) to learn more.

### Confidential Issues permissions

[Confidential issues](project/issues/confidential_issues.md) can be accessed by users with reporter and higher permission levels,
as well as by guest users that create a confidential issue. To learn more,
read through the documentation on [permissions and access to confidential issues](project/issues/confidential_issues.md#permissions-and-access-to-confidential-issues).

### Container Registry visibility permissions

Find the visibility permissions for the Container Registry, as described in the
[related documentation](packages/container_registry/index.md#container-registry-visibility-permissions).

## Group members permissions

Any user can remove themselves from a group, unless they are the last Owner of
the group.

The following table lists group permissions available for each role:

<!-- Keep this table sorted: first, by minimum role, then alphabetically. -->

| Action | Guest | Reporter | Developer | Maintainer | Owner |
|--------|-------|----------|-----------|------------|-------|
| Browse group | ✓ | ✓ | ✓ | ✓ | ✓ |
| Edit SAML SSO Billing **(PREMIUM SAAS)** | ✓ | ✓ | ✓ | ✓ | ✓ (4) |
| Pull a container image using the dependency proxy | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Contribution analytics | ✓ | ✓ | ✓ | ✓ | ✓ |
| View group epic **(PREMIUM)** | ✓ | ✓ | ✓ | ✓ | ✓ |
| View group wiki pages **(PREMIUM)** | ✓ (6) | ✓ | ✓ | ✓ | ✓ |
| View Insights **(ULTIMATE)** | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Insights charts **(ULTIMATE)** | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Issue analytics **(PREMIUM)** | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Value Stream analytics | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create/edit group epic **(PREMIUM)** | | ✓ | ✓ | ✓ | ✓ |
| Create/edit/delete epic boards **(PREMIUM)** | | ✓ | ✓ | ✓ | ✓ |
| Manage group labels | | ✓ | ✓ | ✓ | ✓ |
| Pull [packages](packages/index.md) | | ✓ | ✓ | ✓ | ✓ |
| View a container registry | | ✓ | ✓ | ✓ | ✓ |
| View Group DevOps Adoption **(ULTIMATE)** | | ✓ | ✓ | ✓ | ✓ |
| View metrics dashboard annotations | | ✓ | ✓ | ✓ | ✓ |
| View Productivity analytics **(PREMIUM)** | | ✓ | ✓ | ✓ | ✓ |
| Create and edit group wiki pages **(PREMIUM)** | | | ✓ | ✓ | ✓ |
| Create project in group | | | ✓ (3)(5) | ✓ (3) | ✓ (3) |
| Create/edit/delete group milestones | | | ✓ | ✓ | ✓ |
| Create/edit/delete iterations | | | ✓ | ✓ | ✓ |
| Create/edit/delete metrics dashboard annotations | | | ✓ | ✓ | ✓ |
| Enable/disable a dependency proxy | | | ✓ | ✓ | ✓ |
| Purge the dependency proxy for a group | | | | | ✓ |
| Publish [packages](packages/index.md) | | | ✓ | ✓ | ✓ |
| Use security dashboard **(ULTIMATE)** | | | ✓ | ✓ | ✓ |
| View group Audit Events | | | ✓ (7) | ✓ (7) | ✓ |
| Create subgroup | | | | ✓ (1) | ✓ |
| Delete group wiki pages **(PREMIUM)** | | | ✓ | ✓ | ✓ |
| Edit epic comments (posted by any user) **(ULTIMATE)** | | | | ✓ (2) | ✓ (2) |
| List group deploy tokens | | | | ✓ | ✓ |
| Manage [group push rules](group/index.md#group-push-rules) **(PREMIUM)** | | | | ✓ | ✓ |
| View/manage group-level Kubernetes cluster | | | | ✓ | ✓ |
| Administer project compliance frameworks | | | | | ✓ |
| Create/Delete group deploy tokens | | | | | ✓ |
| Change group visibility level | | | | | ✓ |
| Delete group | | | | | ✓ |
| Delete group epic **(PREMIUM)** | | | | | ✓ |
| Disable notification emails | | | | | ✓ |
| Edit group settings | | | | | ✓ |
| Filter members by 2FA status | | | | | ✓ |
| Manage group level CI/CD variables | | | | | ✓ |
| Manage group members | | | | | ✓ |
| Share (invite) groups with groups | | | | | ✓ |
| View 2FA status of members | | | | | ✓ |
| View Billing **(FREE SAAS)** | | | | | ✓ (4) |
| View Usage Quotas **(FREE SAAS)** | | | | | ✓ (4) |

2020-02-27 01:09:20 -05:00
1. Groups can be set to [allow either Owners or Owners and
2019-07-12 13:48:38 -04:00
Maintainers to create subgroups](group/subgroups/index.md#creating-a-subgroup)
2020-02-27 01:09:20 -05:00
1. Introduced in GitLab 12.2.
1. Default project creation role can be changed at:
2021-08-10 20:10:03 -04:00
- The [instance level ](admin_area/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects ).
2021-03-03 22:10:58 -05:00
- The [group level ](group/index.md#specify-who-can-add-projects-to-a-group ).
2020-06-03 02:08:34 -04:00
1. Does not apply to subgroups.
2021-02-24 01:11:32 -05:00
1. Developers can push commits to the default branch of a new project only if the [default branch protection ](group/index.md#change-the-default-branch-protection-of-a-group ) is set to "Partially protected" or "Not protected".
2020-10-16 11:08:46 -04:00
1. In addition, if your group is public or internal, all users who can see the group can also see group wiki pages.
2020-12-16 10:10:18 -05:00
1. Users can only view events based on their individual actions.
2019-07-01 18:39:43 -04:00
2017-08-15 13:58:21 -04:00
### Subgroup permissions

When you add a member to a subgroup, they inherit the membership and
permission level from the parent group(s). This model allows access to
nested groups if you have membership in one of their parents.

To learn more, read through the documentation on
[subgroups memberships](group/subgroups/index.md#membership).

## External users **(FREE SELF)**

In cases where it is desired that a user has access only to some internal or
private projects, there is the option of creating **External Users**. This
feature may be useful when, for example, a contractor is working on a given
project and should only have access to that project.

External users:

- Can only create projects (including forks), subgroups, and snippets within the top-level group to which they belong.
- Can only access public projects and projects to which they are explicitly granted access,
  thus hiding all other internal or private ones from them (like being
  logged out).
- Can only access public groups and groups to which they are explicitly granted access,
  thus hiding all other internal or private ones from them (like being
  logged out).
- Can only access public snippets.

Access can be granted by adding the user as a member to the project or group.
Like usual users, they receive a role in the project or group with all
the abilities that are mentioned in the [permissions table above](#project-members-permissions).
For example, if an external user is added as Guest, and your project is internal or
private, they do not have access to the code; you need to grant the external
user access at the Reporter level or above if you want them to have access to the code. You should
always take into account the
[project's visibility and permissions settings](project/settings/index.md#sharing-and-permissions)
as well as the permission level of the user.

NOTE:
External users still count towards a license seat.

An administrator can flag a user as external by either of the following methods:

- [Through the API](../api/users.md#user-modification).
- Using the GitLab UI:
  1. On the top bar, select **Menu > Admin**.
  1. On the left sidebar, select **Overview > Users** to create a new user or edit an existing one.
     There, you can find the option to flag the user as external.

Additionally, users can be set as external users using:

- [SAML groups](../integration/saml.md#external-groups).
- [LDAP groups](../administration/auth/ldap/ldap_synchronization.md#external-groups).

### Setting new users to external

By default, new users are not set as external users. This behavior can be changed
by an administrator:

1. On the top bar, select **Menu > Admin**.
1. On the left sidebar, select **Settings > General**.
1. Expand the **Account and limit** section.

If you change the default behavior of creating new users as external, you
have the option to narrow it down by defining a set of internal users.
The **Internal users** field allows specifying an email address regex pattern to
identify default internal users. New users whose email address matches the regex
pattern are set to internal by default rather than as external collaborators.

The regex pattern format is in Ruby, but it needs to be convertible to JavaScript,
and the ignore case flag is set (`/regex pattern/i`). Here are some examples:

- Use `\.internal@domain\.com$` to mark email addresses ending with
  `.internal@domain.com` as internal.
- Use `^(?:(?!\.ext@domain\.com).)*$\r?` to mark users with email addresses
  NOT including `.ext@domain.com` as internal.

WARNING:
Be aware that this regex could lead to a
[regular expression denial of service (ReDoS) attack](https://en.wikipedia.org/wiki/ReDoS).
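
An added example (not GitLab's own code) for vetting an **Internal users** pattern before saving it: it compiles the two example patterns above with the ignore-case flag and checks them against labelled addresses. The sample addresses, the helper names, and the unanchored variant are constructed for illustration.

```ruby
# Added example, not GitLab's own code. Sample addresses are constructed;
# the two patterns are the ones quoted in the list above.

# Compile a pattern as described above: the regex with the ignore-case flag.
def internal_users_regex(pattern)
  Regexp.new(pattern, Regexp::IGNORECASE)
end

# :internal when the address matches the pattern, :external otherwise.
def classify(email, pattern)
  internal_users_regex(pattern).match?(email) ? :internal : :external
end

# Returns the sample addresses the pattern classifies differently than expected.
def misclassified(pattern, expectations)
  expectations.reject { |email, expected| classify(email, pattern) == expected }.keys
end

SUFFIX_PATTERN  = '\.internal@domain\.com$'
EXCLUDE_PATTERN = '^(?:(?!\.ext@domain\.com).)*$\r?'
# Constructed weak variant: the suffix pattern without its end anchor.
UNANCHORED_PATTERN = '\.internal@domain\.com'

SUFFIX_SAMPLES = {
  'dave.internal@domain.com'             => :internal,
  'Dave.Internal@DOMAIN.COM'             => :internal, # ignore-case flag
  'dave@domain.com'                      => :external,
  'dave.internal@domain.com.example.org' => :external  # longer domain must not match
}.freeze

EXCLUDE_SAMPLES = {
  'bob@domain.com'       => :internal,
  'alice.ext@domain.com' => :external,
  'Alice.EXT@Domain.Com' => :external # the flag applies inside the lookahead too
}.freeze

if __FILE__ == $PROGRAM_NAME
  { 'suffix' => [SUFFIX_PATTERN, SUFFIX_SAMPLES],
    'exclude' => [EXCLUDE_PATTERN, EXCLUDE_SAMPLES],
    'unanchored' => [UNANCHORED_PATTERN, SUFFIX_SAMPLES] }.each do |name, (pattern, samples)|
    puts "#{name}: misclassified #{misclassified(pattern, samples).inspect}"
  end
end
```

The unanchored variant marks `dave.internal@domain.com.example.org` as internal, which is why the `$` anchor in the first example matters.
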
## Free Guest users **(ULTIMATE)**

When a user is given Guest permissions on a project, group, or both, and holds no
higher permission level on any other project or group on the GitLab instance,
the user is considered a guest user by GitLab and does not consume a license seat.
There is no other specific "guest" designation for newly created users.

If the user is assigned a higher role on any projects or groups, the user
takes a license seat. If a user creates a project, the user becomes a Maintainer
on the project, resulting in the use of a license seat. Also, note that if your
project is internal or private, Guest users have all the abilities that are
mentioned in the [permissions table above](#project-members-permissions) (they
are unable to browse the project's repository, for example).

NOTE:
To prevent a guest user from creating projects, as an administrator, you can edit the
user's profile to mark the user as [external](#external-users).
Beware, though, that even if a user is external, if they already have Reporter or
higher permissions in any project or group, they are **not** counted as a
free guest user.

## Auditor users **(PREMIUM SELF)**

Auditor users are given read-only access to all projects, groups, and other
resources on the GitLab instance.

An Auditor user should be able to access all projects and groups of a GitLab instance
with the permissions described in the documentation on [auditor users permissions](../administration/auditor_users.md#permissions-and-restrictions-of-an-auditor-user).

[Read more about Auditor users.](../administration/auditor_users.md)

## Users with minimal access **(PREMIUM)**

> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40942) in [GitLab Premium](https://about.gitlab.com/pricing/) 13.4.

Owners can add members with a "minimal access" role to a parent group. Such users don't
automatically have access to projects and subgroups underneath. To support such access, owners must explicitly add these "minimal access" users to the specific subgroups/projects.

Users with minimal access can list the group in the UI and through the API. However, they cannot see
details such as projects or subgroups. They cannot access the group's page or list any of its subgroups or projects.

### Minimal access users take license seats

Users with even a "minimal access" role are counted against your number of license seats. This
requirement does not apply for [GitLab Ultimate](https://about.gitlab.com/pricing/)
subscriptions.

## Project features

Project features like wiki and issues can be hidden from users depending on
which visibility level you select in the project settings.

- Disabled: disabled for everyone.
- Only team members: only team members can see, even if your project is public or internal.
- Everyone with access: everyone can see depending on your project visibility level.
- Everyone: enabled for everyone (only available for GitLab Pages).

## GitLab CI/CD permissions

GitLab CI/CD permissions rely on the role the user has in GitLab:

- Maintainer
- Developer
- Guest/Reporter

GitLab administrators can perform any action on GitLab CI/CD in scope of the GitLab
instance and project.

| Action | Guest, Reporter | Developer |Maintainer| Administrator |
|---------------------------------------|-----------------|-------------|----------|---------------|
| See commits and jobs | ✓ | ✓ | ✓ | ✓ |
| Retry or cancel job | | ✓ | ✓ | ✓ |
| Erase job artifacts and job logs | | ✓ (*1*) | ✓ | ✓ |
| Delete project | | | ✓ | ✓ |
| Create project | | | ✓ | ✓ |
| Change project configuration | | | ✓ | ✓ |
| Add specific runners | | | ✓ | ✓ |
| Add shared runners | | | | ✓ |
| See events in the system | | | | ✓ |
| Admin Area | | | | ✓ |

1. Only if the job was:
   - Triggered by the user
   - [In GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/35069) and later, run for a non-protected branch.

### Job permissions

This table shows granted privileges for jobs triggered by specific types of
users:

| Action | Guest, Reporter | Developer |Maintainer| Administrator |
|---------------------------------------------|-----------------|-------------|----------|---------|
| Run CI job | | ✓ | ✓ | ✓ |
| Clone source and LFS from current project | | ✓ | ✓ | ✓ |
| Clone source and LFS from public projects | | ✓ | ✓ | ✓ |
| Clone source and LFS from internal projects | | ✓ (*1*) | ✓ (*1*) | ✓ |
| Clone source and LFS from private projects | | ✓ (*2*) | ✓ (*2*) | ✓ (*2*) |
| Pull container images from current project | | ✓ | ✓ | ✓ |
| Pull container images from public projects | | ✓ | ✓ | ✓ |
| Pull container images from internal projects| | ✓ (*1*) | ✓ (*1*) | ✓ |
| Pull container images from private projects | | ✓ (*2*) | ✓ (*2*) | ✓ (*2*) |
| Push container images to current project | | ✓ | ✓ | ✓ |
| Push container images to other projects | | | | |
| Push source and LFS | | | | |

1. Only if the triggering user is not an external one.
1. Only if the triggering user is a member of the project.

## Running pipelines on protected branches

The permission to merge or push to protected branches is used to define if a user can
run CI/CD pipelines and execute actions on jobs that are related to those branches.

See [Security on protected branches](../ci/pipelines/index.md#pipeline-security-on-protected-branches)
for details about the pipeline security model.

## Release permissions with protected tags

[The permission to create tags](project/protected_tags.md) is used to define if a user can
create, edit, and delete [Releases](project/releases/index.md).

See [Release permissions](project/releases/index.md#release-permissions)
for more information.

## LDAP users permissions

LDAP user permissions can be manually overridden by an administrator.
Read through the documentation on [LDAP users permissions](group/index.md#manage-group-memberships-via-ldap) to learn more.

## Project aliases

Project aliases can only be read, created and deleted by a GitLab administrator.
Read through the documentation on [Project aliases](../user/project/import/index.md#project-aliases) to learn more.