Group member access assignment to empty groups are not working when user has minimal access role
Summary
If you create a empty sub-group 'A' for user mangement. This sub-group will contain a single user 'Bob' which is owner of the empty group. If you then create a new sub-group 'B' and assign sub-group 'A' as owners of sub-group 'B' you are unable view sub-group 'B' before you have created a project inside sub-group 'B'. If you however assign 'Bob' directly as owner of sub-group 'B' he is able to view the sub-group 'B'.
Steps to reproduce
- Have a gitlab.com instance
- Enable SAML SSO for Azure AD
- Assign default authorization level 'minimal access'
- Have an owner account of the gitlab.com instance create a sub-group 'A'
- Assign a SAML SSO user as owner to sub-group 'A'
- Have an owner account of the gitlab.com instance create a sub-group 'B'
- Assign the sub-group 'A' as owners of sub-group 'B' in the members tab.
- See if the SAML SSO user is able to view and access the empty sub-group 'B'
For testing purposes create a project inside sub-group 'B'. Now the SAML SSO user should be able to see sub-group 'B'
What is the current bug behavior?
You are unable to view an empty group if you use group level access assignement
What is the expected correct behavior?
You can view the empty group by both assigning access of specific users or groups.
Results of GitLab environment info
We use SAML SSO 'minimal access' and empty gitlab groups for user management.