Prevent projects from being created outside a group using group-managed accounts
Problem
Currently, a group-managed account is still able to take action outside of their managed group - leading to user activity that isn't easily audited.
When an organization uses a self-hosted instance of GitLab, they maintain full control over the security of all projects and their users. For example, if a user sets up an undesirable project in their personal space (or one with too lax of security settings), they have the tools to address the problem directly.
With GitLab.com, they currently do not have these access rights. If one of their users accidentally creates a project with too broad of access, their only recourse currently is a DMCA take down request which can be burdensome and slow.
Proposal
When group managed accounts is enabled, a group-managed account should not be able to create or move projects anywhere except:
- Inside the managed group
- Any shared groups
This includes not allowing the user to create projects in their own personal namespace, aka: gitlab.com/username.