gitlab-org--gitlab-foss/doc/administration/auditor_users.md

2.9 KiB

stage group info
Manage Authentication and Authorization To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments

Auditor users (PREMIUM SELF)

Users with auditor access have read-only access to all groups, projects, and other resources except:

For more information, see Auditor user permissions and restrictions section.

Situations where auditor access for users could be helpful include:

  • Your compliance department wants to run tests against the entire GitLab base to ensure users are complying with password, credit card, and other sensitive data policies. You can achieve this with auditor access without giving the compliance department user administration rights or adding them to all projects.
  • If particular users need visibility or access to most of all projects in your GitLab instance, instead of manually adding the user to all projects, you can create an account with auditor access and then share the credentials with those users to which you want to grant access.

Add a user with auditor access

To create a new user account with auditor access (or change an existing user):

To create a user account with auditor access:

  1. On the top bar, select Main menu > Admin.
  2. On the left sidebar, select Overview > Users.
  3. Create a new user or edit an existing one. Set Access Level to Auditor.
  4. If you created a user, select Create user. For an existing user, select Save changes.

To revoke auditor access from a user, follow these steps but set Access Level to Regular.

You can also give users auditor access using SAML groups.

Auditor user permissions and restrictions

Auditor access is not a read-only version of administrator access because it doesn't permit access to the Admin Area.

For access to their own resources and resources within a group or project where they are a member, users with auditor access have the same permissions as regular users.

If you are signed in with auditor access, you:

  • Have full access to projects you own.
  • Have read-only access to projects you aren't a member of.
  • Have permissions based on your role to projects you are a member of. For example, if you have the Developer role, you can push commits or comment on issues.
  • Can access the same resources using the GitLab UI or API.
  • Can't view the Admin Area, or perform any administration actions.

Maintain auditor users using API

Introduced in GitLab 15.3.

Administrators can use the GitLab API to create and modify auditor users.