Enhance Flag to Prevent Direct Memberships to Projects
Release notes
Apply group access controls to projects by preventing direct memberships to projects. Users will not be able to invite individual members to projects. Users must be a member of a group with the appropriate roles that has been added to the parent group of a project.
Problem to solve
Enterprise customers have strict policies when it comes to access control and auditing. To meet these requirements, customers implement Identity and Access Management (IAM) and single sign-on solutions that integrate with GitLab. The goal is to assign permissions via roles assigned to groups in GitLab that are synchronised with groups in the IAM system. This makes onboarding and off-boarding users more efficient.
However, at present, GitLab allows users to be directly added to Projects via invitation. This breaks the defined access control via groups. This feature request is to have a configuration flag that would prevent adding members directly to projects.
Proposal
Under Group Settings -> General -> Permissions and group features, the flag "Prevent adding new members to projects within this group" only applies at the group level.
The proposal is to enhance this group-level flag so that it is also enforced at the project level by default, for both existing and newly created projects under the group.
Intended users
- System Administrator
- Development Team Lead
- Security Analyst
Feature Usage Metrics
Under a separation-of-duties policy implementation, the flag is to be included in the access control configuration requirements for access control via groups.
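Until such a flag is enforced, the gap described under "Problem to solve" can be audited. The following is an added example, not part of the original issue or GitLab's own code: it classifies direct project members against the parent group's membership. It assumes the member lists were already fetched from the GitLab members API (`GET /projects/:id/members` for direct members, `GET /groups/:id/members/all` for group members); the function name, project paths and users are constructed.

```python
# Added example: audit for project memberships that bypass group-based access.
# Member dicts use the GitLab members API fields id, username, access_level.

ROLES = {10: "Guest", 20: "Reporter", 30: "Developer", 40: "Maintainer", 50: "Owner"}


def role(level):
    """Human-readable role name; falls back to the raw level if unknown."""
    return ROLES.get(level, f"level {level}")


def audit_direct_members(project_direct, group_members):
    """Return sorted (project, username, finding) tuples for direct members.

    project_direct: {project_path: [member, ...]}  direct members per project
    group_members:  [member, ...]                  members of the parent group
    """
    group_level = {m["id"]: m["access_level"] for m in group_members}
    findings = []
    for project, members in project_direct.items():
        for m in members:
            direct = m["access_level"]
            inherited = group_level.get(m["id"])
            if inherited is None:
                # Access exists only through a direct invitation.
                finding = f"no group membership; direct {role(direct)}"
            elif direct > inherited:
                # Direct grant raises the role above what the group assigns.
                finding = f"escalated: group {role(inherited)} -> direct {role(direct)}"
            else:
                finding = f"redundant direct {role(direct)}; group grants {role(inherited)}"
            findings.append((project, m["username"], finding))
    return sorted(findings)


# Constructed sample data (hypothetical group "acme").
GROUP_MEMBERS = [
    {"id": 1, "username": "alice", "access_level": 40},
    {"id": 2, "username": "bob", "access_level": 20},
]
PROJECT_DIRECT = {
    "acme/payments": [
        {"id": 2, "username": "bob", "access_level": 40},
        {"id": 3, "username": "contractor1", "access_level": 30},
    ],
    "acme/docs": [{"id": 1, "username": "alice", "access_level": 30}],
}

if __name__ == "__main__":
    for row in audit_direct_members(PROJECT_DIRECT, GROUP_MEMBERS):
        print(" | ".join(row))
```

Findings of the first two kinds are the ones that break group-defined access control; the third kind is harmless but still leaves a membership that IAM off-boarding of the group will not remove.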