### Summary If you create a empty sub-group 'A' for user mangement. This sub-group will contain a single user 'Bob' which is owner of the empty group. If you then create a new sub-group 'B' and assign sub-group 'A' as owners of sub-group 'B' you are unable view sub-group 'B' before you have created a project inside sub-group 'B'. If you however assign 'Bob' directly as owner of sub-group 'B' he is able to view the sub-group 'B'. ### Steps to reproduce 1. Have a gitlab.com instance 2. Enable SAML SSO for Azure AD 3. Assign default authorization level 'minimal access' 4. Have an owner account of the gitlab.com instance create a sub-group 'A' 5. Assign a SAML SSO user as owner to sub-group 'A' 6. Have an owner account of the gitlab.com instance create a sub-group 'B' 7. Assign the sub-group 'A' as owners of sub-group 'B' in the members tab. 8. See if the SAML SSO user is able to view and access the empty sub-group 'B' For testing purposes create a project inside sub-group 'B'. Now the SAML SSO user should be able to see sub-group 'B' ### What is the current *bug* behavior? You are unable to view an empty group if you use group level access assignement ### What is the expected *correct* behavior? You can view the empty group by both assigning access of specific users or groups. #### Results of GitLab environment info We use SAML SSO 'minimal access' and empty gitlab groups for user management.