Skip to content

Should we grant read_group permission to subgroup members?

There is an inconsistency in granting read_group permission to ancestor groups when a user is member of a subgroup vs when he is a member of subproject:

  • any project members automatically get access to ancestor groups
  • subgroup members don't get automatically access to ancestor groups

For example if I have this hierarchy of private groups:

group
 subgroup
   project

And add user1 as a member to subgroup, then he still can't read group. Then if I add project to subgroup (and user1 automatically becomes also member of project), at that moment user can see also group.

I believe it's intentional that project users get guest access to ancestor groups, but I think we should be consistent in this behavior and grant guest access to ancestor groups also to subgroup members.

This issue was discussed #20858 (comment 215112070) but I couldn't find more details or the issue which would address this specific inconsistency.

/cc @jeremy