'Gitlab: Maintainer permissions when shared group with group not working as expected
I am running a gitlab-ce instance where we solve access level on group level by sharing groups with user groups. An example:
There is a group products with a couple of projects in there. No user is directly added as member to that group. There is another group called developers. Product developers are added to developers with maintainer access.
The group products is shared with developers with a maximum role of maintainer.
With that I would assume, that I can transfer a project that I am owner of to group products. However, the list of groups I can transfer my project to only contains groups where I am a direct member with the maintainer role.
TLDR:
- Group
productsis shared with groupdeveloperswith max role maintainer - User Bob is member of
developerswith the maintainer role - Bob is owner of project
bobs_project - Bob cannot transfer
bobs_projecttoproducts(but he could transfer it todevelopers)
From my understanding of the relevant documentation Bob should have the same rights in products as someone directly added as maintainer to products. However, that seems not to be the case.
Am I missing something?
Solution 1:[1]
A few points from the documentation you reference might be relevant in your setup:
When transferring groups, note:
- You can only transfer groups to groups you manage.
- Only explicit group membership is transferred, not inherited membership. If the group’s owners have only inherited membership, this leaves the group without an owner. In this case, the user transferring the group becomes the group’s owner.
Here, Bob has inherited rights in products, not direct rights. That might explain why the group is not listed.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | VonC |