SubGroup Permissions Changes

Description

Currently my company is looking to create groups for specific programming languages. Under each Programming language there will be subgroups that will be created. We want to make the permissions as easy to manage as possible. The current permissions are difficult to manage and are not granular enough in some cases. My goal is to allow all developers the ability to read all code, pull code, limit the number of users who can push, and delegate administration to users as need with the ability to still be the Admin if there is a disregard to policy.

  1. I would like to let everyone create sub groups if they need it for a project
  2. I don't want to give everyone permissions to edit any project in the Group/Subgroups (default role is currently Reporter)
  3. Users should be able to read everything, but create new projects as needed in any sub group without being able to edit others work unless specifically given the permissions to do so. (Permissions would be in between a Developer and a Master)

Proposal

Allow and override option in the Group Member settings.

  1. On each users create radio buttons that allow the following: a. Create Groups under this Parent Group - The user who created and the Owner of the Parent Group would be added as Owners to new groups b. Create Projects under this group or any Sub Group - User would be the Owner/Master and the Owner/Master of the Parent Group would be added as well. c. Ability to Transfer Projects to this Group - Allow this user to transfer a project from another space to this Group
  2. The original Permissions that are defined in https://docs.gitlab.com/ee/user/permissions.html#group-members-permissions would still apply but this would allow some customization so that permissions on projects could be more granular and individualized while requiring less administration. Users can create projects and assign permissions as needed. While still leaving the original Master/Owner of the group as the Administrator.

Please let me know if I can supply more information. The idea is that users dont have to wait for the Owner to create a new project/group and assign them explicit permissions to manage it.

Links / references

https://docs.gitlab.com/ee/user/permissions.html#group-members-permissions https://docs.gitlab.com/ee/user/permissions.html#project-members-permissions

Edited by 🤖 GitLab Bot 🤖