User API access for Group admins

Problem to solve

There are user related API (like Users Activities) that provides data only when with Admin access at the instance level. Currently under our group on GitLab.com we wanted to check the users and user activities through the API which we are not able to get to without Admin access.

This request is to ask for User API access for group admins on GitLab.com.

Intended users

• Delaney (Development Team Lead)
• Sidney (Systems Administrator)
• Sam (Security Analyst)

Further details

List of items should be inclusive of everything listed in our User API documentation, but especially...

• List of users in the group.
• Email address of users in the group.
• Last access date of users in the group.
• List of commits by users in the group.

Permissions and Security

There are definitely security issues at play here. We are giving access to user information to group Owners (and maybe Maintainers), so there would have to be some level of implied or opt-in acceptance of this on the user.

Perhaps this is something we build into our EULA when being accepted into a Private group?
Or maybe its something built into GitLab when integrating a Group with a 3rd party authentication tool.

Documentation

User API docs

What does success look like, and how can we measure that?

Success is defined when a Group admin has access to the User API for the users in their group.

What is the type of buyer?

Definitely Silver (if not Gold)

Links / references