mirror of
				https://github.com/telekom-security/tpotce.git
				synced 2025-10-25 17:54:44 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			1159 lines
		
	
	
	
		
			34 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
			
		
		
	
	
			1159 lines
		
	
	
	
		
			34 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
| <!DOCTYPE html>
 | |
| 
 | |
| <html class="" lang="en">
 | |
| <head prefix="og: http://ogp.me/ns#">
 | |
| <meta charset="utf-8"/>
 | |
| <meta content="IE=edge" http-equiv="X-UA-Compatible"/>
 | |
| <meta content="object" property="og:type"/>
 | |
| <meta content="GitLab" property="og:site_name"/>
 | |
| <meta content="Permissions · User · Help" property="og:title"/>
 | |
| <meta content="GitLab Community Edition" property="og:description"/>
 | |
| <meta content="http://172.20.254.127/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" property="og:image"/>
 | |
| <meta content="64" property="og:image:width"/>
 | |
| <meta content="64" property="og:image:height"/>
 | |
| <meta content="http://172.20.254.127/help/user/permissions.md" property="og:url"/>
 | |
| <meta content="summary" property="twitter:card"/>
 | |
| <meta content="Permissions · User · Help" property="twitter:title"/>
 | |
| <meta content="GitLab Community Edition" property="twitter:description"/>
 | |
| <meta content="http://172.20.254.127/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" property="twitter:image"/>
 | |
| <title>Permissions · User · Help · GitLab</title>
 | |
| <meta content="GitLab Community Edition" name="description"/>
 | |
| <link data-original-href="/assets/favicon-7901bd695fb93edb07975966062049829afb56cf11511236e61bcf425070e36e.png" href="/assets/favicon-7901bd695fb93edb07975966062049829afb56cf11511236e61bcf425070e36e.png" id="favicon" rel="shortcut icon" type="image/png"/>
 | |
| <link href="/assets/application-266f2bfa52ff531258d13c702895a14fd5994ca591fa2df7338da00ab18c99ac.css" media="all" rel="stylesheet"/>
 | |
| <link href="/assets/print-c8ff536271f8974b8a9a5f75c0ca25d2b8c1dceb4cff3c01d1603862a0bdcbfc.css" media="print" rel="stylesheet"/>
 | |
| <script>
 | |
| //<![CDATA[
 | |
| window.gon={};gon.api_version="v4";gon.default_avatar_url="http://172.20.254.127/assets/no_avatar-849f9c04a3a0d0cea2424ae97b27447dc64a7dbfae83c036c45b403392f0e8ba.png";gon.max_file_size=10;gon.asset_host=null;gon.webpack_public_path="/assets/webpack/";gon.relative_url_root="";gon.shortcuts_path="/help/shortcuts";gon.user_color_scheme="white";gon.gitlab_url="http://172.20.254.127";gon.revision="63daf37";gon.gitlab_logo="/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png";gon.sprite_icons="/assets/icons-07542808fffaf82e9b57b144464ea42620b32f65ce441c01528d23d4b96d5f11.svg";gon.sprite_file_icons="/assets/file_icons-7262fc6897e02f1ceaf8de43dc33afa5e4f9a2067f4f68ef77dcc87946575e9e.svg";gon.emoji_sprites_css_path="/assets/emoji_sprites-289eccffb1183c188b630297431be837765d9ff4aed6130cf738586fb307c170.css";gon.test_env=false;gon.suggested_label_colors=["#0033CC","#428BCA","#44AD8E","#A8D695","#5CB85C","#69D100","#004E00","#34495E","#7F8C8D","#A295D6","#5843AD","#8E44AD","#FFECDB","#AD4363","#D10069","#CC0033","#FF0000","#D9534F","#D1D100","#F0AD4E","#AD8D43"];
 | |
| //]]>
 | |
| </script>
 | |
| <script defer="defer" src="/assets/webpack/runtime.9fcb75d4.bundle.js"></script>
 | |
| <script defer="defer" src="/assets/webpack/main.a66b6c66.chunk.js"></script>
 | |
| <script defer="defer" src="/assets/webpack/pages.help.show.c42c0700.chunk.js"></script>
 | |
| <meta content="authenticity_token" name="csrf-param">
 | |
| <meta content="3Bir6rTYdJpbOVWlfiVt1Y1+ZnpA3YsIdNqcioHS4hedW5su+7+VZHyiQw+Mxb07bc9U3WOJPRrjQui3a8ph0g==" name="csrf-token">
 | |
| <meta content="origin-when-cross-origin" name="referrer"/>
 | |
| <meta content="width=device-width, initial-scale=1, maximum-scale=1" name="viewport"/>
 | |
| <meta content="#474D57" name="theme-color"/>
 | |
| <link href="/assets/touch-icon-iphone-5a9cee0e8a51212e70b90c87c12f382c428870c0ff67d1eb034d884b78d2dae7.png" rel="apple-touch-icon" type="image/x-icon"/>
 | |
| <link href="/assets/touch-icon-ipad-a6eec6aeb9da138e507593b464fdac213047e49d3093fc30e90d9a995df83ba3.png" rel="apple-touch-icon" sizes="76x76" type="image/x-icon"/>
 | |
| <link href="/assets/touch-icon-iphone-retina-72e2aadf86513a56e050e7f0f2355deaa19cc17ed97bbe5147847f2748e5a3e3.png" rel="apple-touch-icon" sizes="120x120" type="image/x-icon"/>
 | |
| <link href="/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png" rel="apple-touch-icon" sizes="152x152" type="image/x-icon"/>
 | |
| <link color="rgb(226, 67, 41)" href="/assets/logo-d36b5212042cebc89b96df4bf6ac24e43db316143e89926c0db839ff694d2de4.svg" rel="mask-icon"/>
 | |
| <meta content="/assets/msapplication-tile-1196ec67452f618d39cdd85e2e3a542f76574c071051ae7effbfde01710eb17d.png" name="msapplication-TileImage"/>
 | |
| <meta content="#30353E" name="msapplication-TileColor"/>
 | |
| </meta></meta></head>
 | |
| <body class="ui-indigo " data-group="" data-page="help:show" data-project="">
 | |
| <header class="navbar navbar-gitlab qa-navbar navbar-expand-sm">
 | |
| <a class="sr-only gl-accessibility" href="#content-body" tabindex="1">Skip to content</a>
 | |
| <div class="container-fluid">
 | |
| <div class="header-content">
 | |
| <div class="title-container">
 | |
| <h1 class="title">
 | |
| <a href="/" id="logo" title="Dashboard"><svg class="tanuki-logo" height="24" viewbox="0 0 36 36" width="24">
 | |
| <path class="tanuki-shape tanuki-left-ear" d="M2 14l9.38 9v-9l-4-12.28c-.205-.632-1.176-.632-1.38 0z" fill="#e24329"></path>
 | |
| <path class="tanuki-shape tanuki-right-ear" d="M34 14l-9.38 9v-9l4-12.28c.205-.632 1.176-.632 1.38 0z" fill="#e24329"></path>
 | |
| <path class="tanuki-shape tanuki-nose" d="M18,34.38 3,14 33,14 Z" fill="#e24329"></path>
 | |
| <path class="tanuki-shape tanuki-left-eye" d="M18,34.38 11.38,14 2,14 6,25Z" fill="#fc6d26"></path>
 | |
| <path class="tanuki-shape tanuki-right-eye" d="M18,34.38 24.62,14 34,14 30,25Z" fill="#fc6d26"></path>
 | |
| <path class="tanuki-shape tanuki-left-cheek" d="M2 14L.1 20.16c-.18.565 0 1.2.5 1.56l17.42 12.66z" fill="#fca326"></path>
 | |
| <path class="tanuki-shape tanuki-right-cheek" d="M34 14l1.9 6.16c.18.565 0 1.2-.5 1.56L18 34.38z" fill="#fca326"></path>
 | |
| </svg>
 | |
| <span class="logo-text d-none d-sm-block">
 | |
| <svg viewbox="0 0 617 169" xmlns="http://www.w3.org/2000/svg"><path d="M315.26 2.97h-21.8l.1 162.5h88.3v-20.1h-66.5l-.1-142.4M465.89 136.95c-5.5 5.7-14.6 11.4-27 11.4-16.6 0-23.3-8.2-23.3-18.9 0-16.1 11.2-23.8 35-23.8 4.5 0 11.7.5 15.4 1.2v30.1h-.1m-22.6-98.5c-17.6 0-33.8 6.2-46.4 16.7l7.7 13.4c8.9-5.2 19.8-10.4 35.5-10.4 17.9 0 25.8 9.2 25.8 24.6v7.9c-3.5-.7-10.7-1.2-15.1-1.2-38.2 0-57.6 13.4-57.6 41.4 0 25.1 15.4 37.7 38.7 37.7 15.7 0 30.8-7.2 36-18.9l4 15.9h15.4v-83.2c-.1-26.3-11.5-43.9-44-43.9M557.63 149.1c-8.2 0-15.4-1-20.8-3.5V70.5c7.4-6.2 16.6-10.7 28.3-10.7 21.1 0 29.2 14.9 29.2 39 0 34.2-13.1 50.3-36.7 50.3m9.2-110.6c-19.5 0-30 13.3-30 13.3v-21l-.1-27.8h-21.3l.1 158.5c10.7 4.5 25.3 6.9 41.2 6.9 40.7 0 60.3-26 60.3-70.9-.1-35.5-18.2-59-50.2-59M77.9 20.6c19.3 0 31.8 6.4 39.9 12.9l9.4-16.3C114.5 6 97.3 0 78.9 0 32.5 0 0 28.3 0 85.4c0 59.8 35.1 83.1 75.2 83.1 20.1 0 37.2-4.7 48.4-9.4l-.5-63.9V75.1H63.6v20.1h38l.5 48.5c-5 2.5-13.6 4.5-25.3 4.5-32.2 0-53.8-20.3-53.8-63-.1-43.5 22.2-64.6 54.9-64.6M231.43 2.95h-21.3l.1 27.3v94.3c0 26.3 11.4 43.9 43.9 43.9 4.5 0 8.9-.4 13.1-1.2v-19.1c-3.1.5-6.4.7-9.9.7-17.9 0-25.8-9.2-25.8-24.6v-65h35.7v-17.8h-35.7l-.1-38.5M155.96 165.47h21.3v-124h-21.3v124M155.96 24.37h21.3V3.07h-21.3v21.3"></path></svg>
 | |
| </span>
 | |
| </a></h1>
 | |
| <ul class="list-unstyled navbar-sub-nav">
 | |
| <li class="home"><a class="dashboard-shortcuts-projects" href="/explore" title="Projects">Projects
 | |
| </a></li><li class=""><a class="dashboard-shortcuts-groups" href="/explore/groups" title="Groups">Groups
 | |
| </a></li><li class=""><a class="dashboard-shortcuts-snippets" href="/explore/snippets" title="Snippets">Snippets
 | |
| </a></li><li>
 | |
| <a href="/help" title="About GitLab CE">Help</a>
 | |
| </li>
 | |
| </ul>
 | |
| </div>
 | |
| <div class="navbar-collapse collapse">
 | |
| <ul class="nav navbar-nav">
 | |
| <li class="nav-item d-none d-sm-none d-md-block m-auto">
 | |
| <div class="search search-form">
 | |
| <form accept-charset="UTF-8" action="/search" class="form-inline" method="get"><input name="utf8" type="hidden" value="✓"/><div class="search-input-container">
 | |
| <div class="search-input-wrap">
 | |
| <div class="dropdown" data-url="/search/autocomplete">
 | |
| <input aria-label="Search" autocomplete="off" class="search-input dropdown-menu-toggle no-outline js-search-dashboard-options" data-issues-path="/dashboard/issues" data-mr-path="/dashboard/merge_requests" id="search" name="search" placeholder="Search" spellcheck="false" tabindex="1" type="search"/>
 | |
| <button class="hidden js-dropdown-search-toggle" data-toggle="dropdown" type="button"></button>
 | |
| <div class="dropdown-menu dropdown-select">
 | |
| <div class="dropdown-content"><ul>
 | |
| <li class="dropdown-menu-empty-item">
 | |
| <a>
 | |
| Loading...
 | |
| </a>
 | |
| </li>
 | |
| </ul>
 | |
| </div><div class="dropdown-loading"><i aria-hidden="true" class="fa fa-spinner fa-spin" data-hidden="true"></i></div>
 | |
| </div>
 | |
| <svg class="s16 search-icon"><use xlink:href="/assets/icons-07542808fffaf82e9b57b144464ea42620b32f65ce441c01528d23d4b96d5f11.svg#search"></use></svg>
 | |
| <svg class="s16 clear-icon js-clear-input"><use xlink:href="/assets/icons-07542808fffaf82e9b57b144464ea42620b32f65ce441c01528d23d4b96d5f11.svg#close"></use></svg>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| <input class="js-search-group-options" id="group_id" name="group_id" type="hidden"/>
 | |
| <input class="js-search-project-options" id="search_project_id" name="project_id" type="hidden" value=""/>
 | |
| <input id="repository_ref" name="repository_ref" type="hidden"/>
 | |
| <div class="search-autocomplete-opts hide" data-autocomplete-path="/search/autocomplete"></div>
 | |
| </form></div>
 | |
| </li>
 | |
| <li class="nav-item d-inline-block d-sm-none d-md-none">
 | |
| <a aria-label="Search" data-container="body" data-placement="bottom" data-toggle="tooltip" href="/search" title="Search"><svg class="s16"><use xlink:href="/assets/icons-07542808fffaf82e9b57b144464ea42620b32f65ce441c01528d23d4b96d5f11.svg#search"></use></svg>
 | |
| </a></li>
 | |
| <li class="nav-item">
 | |
| <div>
 | |
| <a class="btn btn-sign-in" href="/users/sign_in?redirect_to_referer=yes">Sign in / Register</a>
 | |
| </div>
 | |
| </li>
 | |
| </ul>
 | |
| </div>
 | |
| <button class="navbar-toggler d-block d-sm-none" type="button">
 | |
| <span class="sr-only">Toggle navigation</span>
 | |
| <svg class="s12 more-icon js-navbar-toggle-right"><use xlink:href="/assets/icons-07542808fffaf82e9b57b144464ea42620b32f65ce441c01528d23d4b96d5f11.svg#more"></use></svg>
 | |
| <svg class="s12 close-icon js-navbar-toggle-left"><use xlink:href="/assets/icons-07542808fffaf82e9b57b144464ea42620b32f65ce441c01528d23d4b96d5f11.svg#close"></use></svg>
 | |
| </button>
 | |
| </div>
 | |
| </div>
 | |
| </header>
 | |
| <div class="layout-page">
 | |
| <div class="content-wrapper">
 | |
| <div class="mobile-overlay"></div>
 | |
| <div class="alert-wrapper">
 | |
| <nav class="breadcrumbs container-fluid container-limited" role="navigation">
 | |
| <div class="breadcrumbs-container">
 | |
| <div class="breadcrumbs-links js-title-container">
 | |
| <ul class="list-unstyled breadcrumbs-list js-breadcrumbs-list">
 | |
| <li><a href="/help">Help</a><svg class="s8 breadcrumbs-list-angle"><use xlink:href="/assets/icons-07542808fffaf82e9b57b144464ea42620b32f65ce441c01528d23d4b96d5f11.svg#angle-right"></use></svg></li>
 | |
| <li>
 | |
| <h2 class="breadcrumbs-sub-title"><a href="/help/user/permissions.md">Help</a></h2>
 | |
| </li>
 | |
| </ul>
 | |
| </div>
 | |
| </div>
 | |
| </nav>
 | |
| <div class="flash-container flash-container-page">
 | |
| </div>
 | |
| </div>
 | |
| <div class="container-fluid container-limited ">
 | |
| <div class="content" id="content-body">
 | |
| <div class="documentation wiki prepend-top-default">
 | |
| <h1 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#permissions" id="user-content-permissions"></a>Permissions</h1>
 | |
| <p dir="auto">Users have different abilities depending on the access level they have in a
 | |
| particular group or project. If a user is both in a group's project and the
 | |
| project itself, the highest permission level is used.</p>
 | |
| <p dir="auto">On public and internal projects the Guest role is not enforced. All users will
 | |
| be able to create issues, leave comments, and clone or download the project code.</p>
 | |
| <p dir="auto">When a member leaves the team all the assigned <a href="/project/issues/index.md">Issues</a> and <a href="/project/merge_requests/index.md">Merge Requests</a>
 | |
| will be unassigned automatically.</p>
 | |
| <p dir="auto">GitLab <a href="../README.md#administrator-documentation">administrators</a> receive all permissions.</p>
 | |
| <p dir="auto">To add or import a user, you can follow the
 | |
| <a href="/user/project/members/index.md">project members documentation</a>.</p>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#principles-behind-permissions" id="user-content-principles-behind-permissions"></a>Principles behind permissions</h2>
 | |
| <p dir="auto">See our <a href="https://about.gitlab.com/handbook/product#permissions-in-gitlab" rel="nofollow noreferrer noopener" target="_blank">product handbook on permissions</a></p>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#project-members-permissions" id="user-content-project-members-permissions"></a>Project members permissions</h2>
 | |
| <p dir="auto">NOTE: <strong>Note:</strong>
 | |
| In GitLab 11.0, the Master role was renamed to Maintainer.</p>
 | |
| <p dir="auto">The following table depicts the various user permission levels in a project.</p>
 | |
| <table dir="auto">
 | |
| <thead>
 | |
| <tr>
 | |
| <th>Action</th>
 | |
| <th>Guest</th>
 | |
| <th>Reporter</th>
 | |
| <th>Developer</th>
 | |
| <th>Maintainer</th>
 | |
| <th>Owner</th>
 | |
| </tr>
 | |
| </thead>
 | |
| <tbody>
 | |
| <tr>
 | |
| <td>Create new issue</td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create confidential issue</td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>View confidential issues</td>
 | |
| <td>(✓) </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Leave comments</td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Lock issue discussions</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Lock merge request discussions</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>See a list of jobs</td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>See a job log</td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Download and browse job artifacts</td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>View wiki pages</td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Pull project code</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Download project</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Assign issues</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Assign merge requests</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Label issues and merge requests</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create code snippets</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage issue tracker</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage labels</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>See a commit status</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>See a container registry</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>See environments</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>See a list of merge requests</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage related issues <strong>[STARTER]</strong>
 | |
| </td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Lock issue discussions</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Lock merge request discussions</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create new environments</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Stop environments</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage/Accept merge requests</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create new merge request</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create new branches</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Push to non-protected branches</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Force push to non-protected branches</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Remove non-protected branches</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Add tags</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Write a wiki</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Cancel and retry jobs</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create or update commit status</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Update a container registry</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Remove a container registry image</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create/edit/delete project milestones</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Use environment terminals</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Add new team members</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Push to protected branches</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Enable/disable branch protection</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Turn on/off protected branch push for devs</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Enable/disable tag protections</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Rewrite/remove Git tags</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Edit project</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Add deploy keys to project</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Configure project hooks</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage Runners</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage job triggers</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage variables</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage GitLab Pages</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage GitLab Pages domains and certificates</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Remove GitLab Pages</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage clusters</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Edit comments (posted by any user)</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Switch visibility level</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Transfer project to another namespace</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Remove project</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Delete issues</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Remove pages</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Force push to protected branches </td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Remove protected branches </td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>View project Audit Events</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| </tbody>
 | |
| </table>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#project-features-permissions" id="user-content-project-features-permissions"></a>Project features permissions</h2>
 | |
| <h3 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#wiki-and-issues" id="user-content-wiki-and-issues"></a>Wiki and issues</h3>
 | |
| <p dir="auto">Project features like wiki and issues can be hidden from users depending on
 | |
| which visibility level you select on project settings.</p>
 | |
| <ul dir="auto">
 | |
| <li>Disabled: disabled for everyone</li>
 | |
| <li>Only team members: only team members will see even if your project is public or internal</li>
 | |
| <li>Everyone with access: everyone can see depending on your project visibility level</li>
 | |
| </ul>
 | |
| <h3 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#protected-branches" id="user-content-protected-branches"></a>Protected branches</h3>
 | |
| <p dir="auto">To prevent people from messing with history or pushing code without
 | |
| review, we've created protected branches. Read through the documentation on
 | |
| <a href="/project/protected_branches.md">protected branches</a>
 | |
| to learn more.</p>
 | |
| <p dir="auto">Additionally, you can allow or forbid users with Maintainer and/or
 | |
| Developer permissions to push to a protected branch. Read through the documentation on
 | |
| <a href="project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings">Allowed to Merge and Allowed to Push settings</a>
 | |
| to learn more.</p>
 | |
| <h3 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#cycle-analytics-permissions" id="user-content-cycle-analytics-permissions"></a>Cycle Analytics permissions</h3>
 | |
| <p dir="auto">Find the current permissions on the Cycle Analytics dashboard on
 | |
| the <a href="project/cycle_analytics.md#permissions">documentation on Cycle Analytics permissions</a>.</p>
 | |
| <h3 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#issue-board-permissions" id="user-content-issue-board-permissions"></a>Issue Board permissions</h3>
 | |
| <p dir="auto">Developers and users with higher permission level can use all
 | |
| the functionality of the Issue Board, that is create/delete lists
 | |
| and drag issues around. Read though the
 | |
| <a href="project/issue_board.md#permissions">documentation on Issue Boards permissions</a>
 | |
| to learn more.</p>
 | |
| <h3 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#file-locking-permissions-premium" id="user-content-file-locking-permissions-premium"></a>File Locking permissions <strong>[PREMIUM]</strong>
 | |
| </h3>
 | |
| <p dir="auto">The user that locks a file or directory is the only one that can edit and push their changes back to the repository where the locked objects are located.</p>
 | |
| <p dir="auto">Read through the documentation on <a href="https://docs.gitlab.com/ee/user/project/file_lock.html#permissions-on-file-locking" rel="nofollow noreferrer noopener" target="_blank">permissions for File Locking</a> to learn more.</p>
 | |
| <h3 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#confidential-issues-permissions" id="user-content-confidential-issues-permissions"></a>Confidential Issues permissions</h3>
 | |
| <p dir="auto">Confidential issues can be accessed by reporters and higher permission levels,
 | |
| as well as by guest users that create a confidential issue. To learn more,
 | |
| read through the documentation on <a href="project/issues/confidential_issues.md#permissions-and-access-to-confidential-issues">permissions and access to confidential issues</a>.</p>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#group-members-permissions" id="user-content-group-members-permissions"></a>Group members permissions</h2>
 | |
| <p dir="auto">NOTE: <strong>Note:</strong>
 | |
| In GitLab 11.0, the Master role was renamed to Maintainer.</p>
 | |
| <p dir="auto">Any user can remove themselves from a group, unless they are the last Owner of
 | |
| the group. The following table depicts the various user permission levels in a
 | |
| group.</p>
 | |
| <table dir="auto">
 | |
| <thead>
 | |
| <tr>
 | |
| <th>Action</th>
 | |
| <th>Guest</th>
 | |
| <th>Reporter</th>
 | |
| <th>Developer</th>
 | |
| <th>Maintainer</th>
 | |
| <th>Owner</th>
 | |
| </tr>
 | |
| </thead>
 | |
| <tbody>
 | |
| <tr>
 | |
| <td>Browse group</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Edit group</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create subgroup</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create project in group</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage group members</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Remove group</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Manage group labels</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create/edit/delete group milestones</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>View private group epic <strong>[ULTIMATE]</strong>
 | |
| </td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>View internal group epic <strong>[ULTIMATE]</strong>
 | |
| </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>View public group epic <strong>[ULTIMATE]</strong>
 | |
| </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create/edit group epic <strong>[ULTIMATE]</strong>
 | |
| </td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Delete group epic <strong>[ULTIMATE]</strong>
 | |
| </td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>View group Audit Events</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| </tbody>
 | |
| </table>
 | |
| <h3 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#subgroup-permissions" id="user-content-subgroup-permissions"></a>Subgroup permissions</h3>
 | |
| <p dir="auto">When you add a member to a subgroup, they inherit the membership and
 | |
| permission level from the parent group. This model allows access to
 | |
| nested groups if you have membership in one of its parents.</p>
 | |
| <p dir="auto">To learn more, read through the documentation on
 | |
| <a href="group/subgroups/index.md#membership">subgroups memberships</a>.</p>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#external-users-permissions" id="user-content-external-users-permissions"></a>External users permissions</h2>
 | |
| <p dir="auto">In cases where it is desired that a user has access only to some internal or
 | |
| private projects, there is the option of creating <strong>External Users</strong>. This
 | |
| feature may be useful when for example a contractor is working on a given
 | |
| project and should only have access to that project.</p>
 | |
| <p dir="auto">External users can only access projects to which they are explicitly granted
 | |
| access, thus hiding all other internal or private ones from them. Access can be
 | |
| granted by adding the user as member to the project or group.</p>
 | |
| <p dir="auto">They will, like usual users, receive a role in the project or group with all
 | |
| the abilities that are mentioned in the table above. They cannot however create
 | |
| groups or projects, and they have the same access as logged out users in all
 | |
| other cases.</p>
 | |
| <p dir="auto">An administrator can flag a user as external <a href="/api/users.md">through the API</a>
 | |
| or by checking the checkbox on the admin panel. As an administrator, navigate
 | |
| to <strong>Admin > Users</strong> to create a new user or edit an existing one. There, you
 | |
| will find the option to flag the user as external.</p>
 | |
| <p dir="auto">By default new users are not set as external users. This behavior can be changed
 | |
| by an administrator under <strong>Admin > Application Settings</strong>.</p>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#auditor-users-premium-only" id="user-content-auditor-users-premium-only"></a>Auditor users <strong>[PREMIUM ONLY]</strong>
 | |
| </h2>
 | |
| <blockquote dir="auto">
 | |
| <p><a href="https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/998" rel="nofollow noreferrer noopener" target="_blank">Introduced</a> in <a href="https://about.gitlab.com/pricing/" rel="nofollow noreferrer noopener" target="_blank">GitLab Premium</a> 8.17.</p>
 | |
| </blockquote>
 | |
| <p dir="auto">Auditor users are given read-only access to all projects, groups, and other
 | |
| resources on the GitLab instance.</p>
 | |
| <p dir="auto">An Auditor user should be able to access all projects and groups of a GitLab instance
 | |
| with the permissions described on the documentation on <a href="https://docs.gitlab.com/ee/administration/auditor_users.html#permissions-and-restrictions-of-an-auditor-user" rel="nofollow noreferrer noopener" target="_blank">auditor users permissions</a>.</p>
 | |
| <p dir="auto"><a href="https://docs.gitlab.com/ee/administration/auditor_users.html" rel="nofollow noreferrer noopener" target="_blank">Read more about Auditor users.</a></p>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#project-features" id="user-content-project-features"></a>Project features</h2>
 | |
| <p dir="auto">Project features like wiki and issues can be hidden from users depending on
 | |
| which visibility level you select on project settings.</p>
 | |
| <ul dir="auto">
 | |
| <li>Disabled: disabled for everyone</li>
 | |
| <li>Only team members: only team members will see even if your project is public or internal</li>
 | |
| <li>Everyone with access: everyone can see depending on your project visibility level</li>
 | |
| </ul>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#gitlab-cicd-permissions" id="user-content-gitlab-cicd-permissions"></a>GitLab CI/CD permissions</h2>
 | |
| <p dir="auto">NOTE: <strong>Note:</strong>
 | |
| In GitLab 11.0, the Master role was renamed to Maintainer.</p>
 | |
| <p dir="auto">GitLab CI/CD permissions rely on the role the user has in GitLab. There are four
 | |
| permission levels in total:</p>
 | |
| <ul dir="auto">
 | |
| <li>admin</li>
 | |
| <li>maintainer</li>
 | |
| <li>developer</li>
 | |
| <li>guest/reporter</li>
 | |
| </ul>
 | |
| <p dir="auto">The admin user can perform any action on GitLab CI/CD in scope of the GitLab
 | |
| instance and project. In addition, all admins can use the admin interface under
 | |
| <code>/admin/runners</code>.</p>
 | |
| <table dir="auto">
 | |
| <thead>
 | |
| <tr>
 | |
| <th>Action</th>
 | |
| <th>Guest, Reporter</th>
 | |
| <th>Developer</th>
 | |
| <th>Maintainer</th>
 | |
| <th>Admin</th>
 | |
| </tr>
 | |
| </thead>
 | |
| <tbody>
 | |
| <tr>
 | |
| <td>See commits and jobs</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Retry or cancel job</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Erase job artifacts and trace</td>
 | |
| <td></td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Remove project</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Create project</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Change project configuration</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Add specific runners</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Add shared runners</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>See events in the system</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Admin interface</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| </tbody>
 | |
| </table>
 | |
| <h3 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#job-permissions" id="user-content-job-permissions"></a>Job permissions</h3>
 | |
| <p dir="auto">NOTE: <strong>Note:</strong>
 | |
| In GitLab 11.0, the Master role was renamed to Maintainer.</p>
 | |
| <blockquote dir="auto">
 | |
| <p><strong>Note:</strong>
 | |
| GitLab 8.12 has a completely redesigned job permissions system.
 | |
| Read all about the <a href="/project/new_ci_build_permissions_model.md">new model and its implications</a>.</p>
 | |
| </blockquote>
 | |
| <p dir="auto">This table shows granted privileges for jobs triggered by specific types of
 | |
| users:</p>
 | |
| <table dir="auto">
 | |
| <thead>
 | |
| <tr>
 | |
| <th>Action</th>
 | |
| <th>Guest, Reporter</th>
 | |
| <th>Developer</th>
 | |
| <th>Maintainer</th>
 | |
| <th>Admin</th>
 | |
| </tr>
 | |
| </thead>
 | |
| <tbody>
 | |
| <tr>
 | |
| <td>Run CI job</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Clone source and LFS from current project</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Clone source and LFS from public projects</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Clone source and LFS from internal projects</td>
 | |
| <td></td>
 | |
| <td>✓ </td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Clone source and LFS from private projects</td>
 | |
| <td></td>
 | |
| <td>✓ </td>
 | |
| <td>✓ </td>
 | |
| <td>✓ </td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Push source and LFS</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Pull container images from current project</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Pull container images from public projects</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Pull container images from internal projects</td>
 | |
| <td></td>
 | |
| <td>✓ </td>
 | |
| <td>✓ </td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Pull container images from private projects</td>
 | |
| <td></td>
 | |
| <td>✓ </td>
 | |
| <td>✓ </td>
 | |
| <td>✓ </td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Push container images to current project</td>
 | |
| <td></td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| <td>✓</td>
 | |
| </tr>
 | |
| <tr>
 | |
| <td>Push container images to other projects</td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| <td></td>
 | |
| </tr>
 | |
| </tbody>
 | |
| </table>
 | |
| <h3 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#new-ci-job-permissions-model" id="user-content-new-ci-job-permissions-model"></a>New CI job permissions model</h3>
 | |
| <p dir="auto">GitLab 8.12 has a completely redesigned job permissions system. To learn more,
 | |
| read through the documentation on the <a href="project/new_ci_build_permissions_model.md#new-ci-job-permissions-model">new CI/CD permissions model</a>.</p>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#running-pipelines-on-protected-branches" id="user-content-running-pipelines-on-protected-branches"></a>Running pipelines on protected branches</h2>
 | |
| <p dir="auto">The permission to merge or push to protected branches is used to define if a user can
 | |
| run CI/CD pipelines and execute actions on jobs that are related to those branches.</p>
 | |
| <p dir="auto">See <a href="../ci/pipelines.md#security-on-protected-branches">Security on protected branches</a>
 | |
| for details about the pipelines security model.</p>
 | |
| <h2 dir="auto">
 | |
| <a aria-hidden="true" class="anchor" href="#ldap-users-permissions" id="user-content-ldap-users-permissions"></a>LDAP users permissions</h2>
 | |
| <p dir="auto">Since GitLab 8.15, LDAP user permissions can now be manually overridden by an admin user.
 | |
| Read through the documentation on <a href="https://docs.gitlab.com/ee/articles/how_to_configure_ldap_gitlab_ee/index.html#updating-user-permissions-new-feature" rel="nofollow noreferrer noopener" target="_blank">LDAP users permissions</a> to learn more.</p>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| </body>
 | |
| </html>
 | 
