Inconsistent behaviour for instance administrators and protected branches
Currently, if a protected branch is configured so that "No one" can push:
Then instance administrators are also prohibited from pushing.
If a protected branch is configured so that "No one" + "1 user" can push:
Then instance administrators are permitted to push.
This is a very peculiar situation. Our documentation states that admins can always push to the branch - they should be able to push in both scenarios.
There is pushback against this concept, e.g., in https://gitlab.com/gitlab-org/gitlab-ee/issues/6307, where users would like both scenarios to forbid the instance administrator from pushing.
I (@nick.thomas) think we should respect the documentation in this case and update the code so instance admins can push in the first case. We can use the other issue to track the counter-proposal, but the current situation is definitely a bug.
Proposal
- Add "Instance Admins" option to create and edit protected branch dropdown
  - Selecting this option would allow only instance admins to push
- Change "No one" behavior to allow no one to push
- Update documentation to remove instance admins from the "Who can do it" table column
- Current settings using the option "No one" to be migrated to "Instance Admins" option
Additional TODO: !117689 (comment 1359746490)
Original description
Summary
Restricting Merge or Push access to a certain user on a protected branch grants access to all maintainers and owners
Steps to reproduce
In a project, configure a protected branch and, for either the "Allowed to merge" or "Allowed to push" setting, add the following: "No one" + 1 user (any user who is part of the project)
What is the current bug behavior?
Merge or Push is not restricted to the specified user only, but to the specified user and any members of the project with a role of Maintainer or higher.
What is the expected correct behavior?
Only the specified user shall have the right to merge or push on the protected branch.
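To find which protected branches on an instance fall into the two configurations described in this issue, the check below classifies each access list. It is an added example, not GitLab's code or part of the original issue. It assumes the JSON shape returned by the protected branches API (`access_level` 0 for "No one", `user_id` set on per-user entries); the sample data is constructed and the function names are hypothetical.

```python
import json

NO_ACCESS = 0  # access_level the protected branches API reports for "No one"

# Constructed sample, shaped like GET /projects/:id/protected_branches output.
SAMPLE = json.loads("""[
 {"name": "main",
  "push_access_levels": [{"access_level": 0, "user_id": null, "group_id": null}],
  "merge_access_levels": [{"access_level": 40, "user_id": null, "group_id": null}]},
 {"name": "release",
  "push_access_levels": [{"access_level": 0, "user_id": null, "group_id": null},
                         {"access_level": null, "user_id": 101, "group_id": null}],
  "merge_access_levels": [{"access_level": 0, "user_id": null, "group_id": null},
                          {"access_level": null, "user_id": 101, "group_id": null}]},
 {"name": "develop",
  "push_access_levels": [{"access_level": 30, "user_id": null, "group_id": null}],
  "merge_access_levels": [{"access_level": 30, "user_id": null, "group_id": null}]}
]""")

# Behaviour this issue reports for each configuration.
REPORTED = {
    "no_one_only": "instance admins cannot push, contrary to the documentation",
    "no_one_plus_named": "not limited to the named user: admins and Maintainers or above also get access",
}

def classify(levels):
    """Classify one 'Allowed to push' / 'Allowed to merge' list."""
    named = [e for e in levels if e.get("user_id")]
    roles = [e.get("access_level") for e in levels if e not in named]
    if not roles or any(r != NO_ACCESS for r in roles):
        return "other"  # no "No one" entry, or something other than "No one" + users
    return "no_one_plus_named" if named else "no_one_only"

def audit(branches):
    """Return (branch, setting, classification) for every affected setting."""
    findings = []
    for branch in branches:
        for setting in ("push_access_levels", "merge_access_levels"):
            kind = classify(branch.get(setting, []))
            # The issue describes the "No one"-only case for push access only.
            if kind == "other" or (kind == "no_one_only" and setting != "push_access_levels"):
                continue
            findings.append((branch["name"], setting, kind))
    return findings

if __name__ == "__main__":
    for name, setting, kind in audit(SAMPLE):
        print(f"{name}: {setting}: {kind}: {REPORTED[kind]}")
```
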