Skip to content

Add ability to invite all visible groups to a repository

Context

We currently automatically map user groups in our identity provider to GitLab groups. This allows us to easily tie group membership to SCM/CI/CD permissions. This is critical in our compliance story as it provides a clear link from role to ability to impact production.

In our GitLab setup, we use these groups in three ways:

  1. Inviting them to the repositories so members can contribute at the desired level.
  2. Adding them to branch/tag protection rules so we can restrict who can merge/push.
  3. Adding them to CODEOWNERS files to ensure accountable approvals are done.

Problem

As we are rolling out this SOC2 feature across our teams, we found that folks are unable to invite groups they are not members of. Only GitLab admins can invite all teams. Thanks to @cupini, I found that this is expected behavior: gitlab-foss#27907 (closed)

This makes it impossible for teams to self-service manage access to their own repositories.

Proposal

Please allow users to invite all visible groups to repositories they own.