Skip to content

Add permission to grant other users Owner privileges to a project

This has come up in https://gitlab.com/gitlab-com/support-forum/issues/261 and https://gitlab.com/gitlab-org/gitlab-ce/issues/28233#note_62220577. Recently @dimitrieh wanted to move a personal project to the gitlab-com namespace. He tried to give me Maintainer privileges, but that wasn't enough permission to transfer a project. The only way we can move this project is to give @dimitrieh the right privileges to gitlab-com because he can't add me as an Owner.

For historical context, @DouweM said:

Before there were groups, a project could only have one owner: the owner of the namespace the project is in. “Owner” was not a member role, it was a fixed property of the project. Then when groups came around, a single owner for the group didn’t make sense anymore, and we added the Owner role. We didn’t add it to projects, presumably because the difference between a project master and project owner is limited to things you’d usually only want owners of the group the project is in to do anyway, like deleting it, changing visibility, and transferring it (edited)

I think it makes a lot of sense [to add this], and it would remove some confusion and inconsistency

The idea around transferring is that a project can only be transferred to a group where you already have the ability to create a project, which is limited to group masters and owners.

I think GitHub has the concept of a Transfer Request, where Dimitrie could request his project to be transferred, and Stan could accept it

Proposal

  • An Owner should be able to grant Owner permissions to other members of the project.
  • For personal namespaces:
    • Owners should be able to grant Owner status to other project members.
    • It should not be possible to downgrade the namespace owner to a role lower than Owner.
  • For groups:
    • As with other membership types, Owner roles should cascade down into subgroups and projects. It should not be possible to downgrade an inherited membership.
  • It will still be possible for other Owners to delete or transfer the project out of the original user's namespace if desired. We may want to warn the Owner in the UI when they are upgrading the member.
  • We should give the Owner role to the member associated with the personal namespace for projects in personal namespaces. (e.g. I should get Owner role for all my projects in my personal jeremy namespace).

Details

See note from Douwe on implementation thoughts: https://gitlab.com/gitlab-org/gitlab-ce/issues/44033#note_101133901

Edited by Jeremy Watson (ex-GitLab)