Ability to define a "projects limit" by user which applies to all groups/namespaces of the user

Description

Gitlab doesn't allow to define a "projects limit" by user which applies to all the groups/namespaces of the user. Right now there is an option Personal projects limit which only applies to the personal namespace and Default projects limit which defines the same.

With the existing options if a user has permission to create new groups (which is the default) the user could create as many groups and projects as desired without any limitation even if Default projects limit=0. The options available in gitlab right now are:

  • Admin disables the option to create new groups and defines Personal projects limit=0. Then the users cannot create any project or group.

  • User has group creation permission (the default) and then the user can create as many groups and projects as desired without any limitation

Our use case it this:

We host gitlab for the research community in our university. We want that our gitlab is used only for research projects. Our gitlab validates against the central active directory in the university so potentially thousands of users can login. In order to prevent that all the users in the university start creating git repos for non-research related projects we would like that by default new gitlab accounts don't have the permission to create new gitlab projects until we grant it. If a researcher contacts us asking to use gitlab for his research project then we would grant this researcher the permission to create new groups/namespaces and create X projects in any namespace. This way the researcher could create groups like "research_project_1" and then create new projects inside but still we could limit that he cannot create as many projects as he wants to host repos not related to his research.

We were using Default projects limit until we recently realized (because some users were misusing it) that this was only limiting the projects in their personal namespace and that they could easily workaround it by just creating a new group and then create there as many gitlab projects as they want.

Our current workaround is to also disable by default the permission to create new groups so once a researcher asks for gitlab access we grant him the permission to create groups. Still, once we grant the group creation permission they can create new groups and as many projects as desired without any limitation.

Proposal

The missing option IMHO is something mid-term between the two currently available options:

  • Ability so the users can create groups but the admin can define the global limit for number of projects ( where this projects limit is the sum of all the projects created across all his groups/namespaces)

Links / references

more info in this other issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/42811