Role can't be changed for users not meeting domain restriction
Summary
When a group has Allowed Domain Restriction enabled and the group contains some users whose primary email address doesn't match the restriction, the role of those users can't be changed while the restriction is active.
Steps to reproduce
- Create a group on GitLab.com and apply a Silver subscription to it.
- Add a few users to the group that all have the same primary email address.
- Add a user that has a different primary email address.
- Enable allowed domain restriction and set the domain to the one that the first group of users uses.
- Try changing the role of the user with the different email address.
- Observe that the role change doesn't save.
Example Project
Replicated in gitlab-gold
What is the current bug behavior?
The role change made to the user whose primary email address differs from the configured allowed domain restriction does not save.
What is the expected correct behavior?
The role change should save, or there should be an error indicating that the role can't be changed because the user doesn't meet the requirements of the enabled allowed domain restriction rule.
Output of checks
This bug happens on GitLab.com: 13.0.0-pre 9bf75ddb8d8
Workaround
This issue can be worked around by temporarily disabling the allowed domain restriction setting, changing the role of the user, and then enabling it again.
ZD: https://gitlab.zendesk.com/agent/tickets/156305 (GitLab Internal)