Hide group members from non-group members
Release notes
An option to hide group members from non-group members is ready for group Owners. This enables Owners of the group to hide members of a public or internal group like a private group.
Problem to solve
The 2FA status of group members are visible to non-group members (including not-logged in users), which is generally considered as insecure.
Intended users
User experience goal
Any of top-level Group Owners is able to enable and disable to hide the (top-level and sub-level) group members from non-group members of the group.
Proposal
Any of top-level Group Owners is able to enable and disable to hide the (top-level and sub-level) group members from non-group members of the group.
Further details
The group members includes confidential information including 2FA and expiration date, which is harmful to the organization.
Permissions and Security
-
Add expected impact to members with no access (0) -
Add expected impact to Guest (10) members -
Add expected impact to Reporter (20) members -
Add expected impact to Developer (30) members -
Add expected impact to Maintainer (40) members -
Add expected impact to Owner (50) members
Documentation
TBD for the newly-adding contents.
This feature does not require changing permissions since we already have Edit group settings https://docs.gitlab.com/ee/user/permissions.html#group-members-permissions
Availability & Testing
- Unit test changes
- Integration test changes
- End-to-end test change
Available Tier
- Free
- Premium/Silver
- Ultimate/Gold
What does success look like, and how can we measure that?
n/a
What is the type of buyer?
n/a since this feature should be equipped in any tier.
Is this a cross-stage feature?
No.