Customer Feedback - Granular Permissions
This issue summarizes customer requests gathered through issue discussions and interviews, in order to prioritize which aspects of customizable roles to make progress on next.
Instructions
- Use this comment template and add a comment on a permission request. Tag @jrandazzo in the comment for awareness. Reporting is used on our side for prioritization.
Current Status
Product Manager @jrandazzo tracks current progress on customizable roles here.
Known Limitations
All suggested permissions are additive on top of a base role included as part of GitLab's default permissions and roles.
Previous Manual Counts as of 2025-05-13
Feedback | Count |
---|---|
General Security / Separation of Duties | 25 |
Should be in Premium | 10 |
Reporter - Remove access to view source code | 4 |
|
5 |
Developer - Remove "Download Code" | 2 |
Reporter - Run pipeline but not merge | 5 |
Reporter - Give access to download container registry images | 2 |
Reporter - Add "resolve threads" | 6 |
Developer - Don't access feature flags | 1 |
Developer - Add Edit CI/CD settings | 1 |
Auditor view more things (SAML identities) | 2 |
Maintainer - Add ability to manage group level variables | 5 |
Developer - remove ability to view confidential issue | 1 |
Developer - write terraform state | 15 - includes issue upvote |
Developer - Read-Only Terraform state | 12 - includes issue upvote |
Developer - remove ability to edit releases | 1 |
Developer - give developer ability to manage variables | 4 |
Developer - should not be able to delete container registry | 3 |
Developer - remove ability to trigger job | 1 |
Admin too permissive | 6 |
Owner too permissive | 2 |
Maintainer too permissive | 8 |
Maintainer should not be able to edit a project's CI/CD settings | 4 |
Maintainer should not be able to edit a project's security policy - COMPLETE | 2 |
Maintainers shouldn't be allowed to become a group owner | 4 |
Maintainer should not be able to delete a package | 1 |
Maintainer should be able to delete a project | 2 |
Maintainers can only give group access to minimal access user | 1 |
Remove Maintainer altogether | 1 |
Prevent deletion of merge request, issue, test result, artifact by developer | 2 |
Maintainer - remove ability to disable approval rules on their MRs | 2 |
Maintainer - remove ability to change protected env | 3 |
Maintainer - Push to protected branches | 2 |
Maintainer - add ability to create group access tokens | 1 |
Reporter should not be able to modify the issue board | 1 |
Developer - Remove ability to view code | |
Developer - remove access to deploy token | |
Want different roles for different groups/projects | 1 |
Developer and Maintainer - remove permission to delete images from container registry | 2 |
Developer and Maintainer - add ability to delete project | 1 |
Developer - create repo, but not push | 15 - issue |
Reporter - Add "view security dashboard" | 2 |
Reporter - Pull and push code | 2 |
Maintainer - remove ability to manage group and project membership | 1 |
Guest - Pull code | 2 |
Owner - Block adding/deleting SAML group links | 1 |
Developer - Ability to manage protected environments | 1 |
Maintainer - Transfer project | 1 |
Developer - Create Subgroup | 1 |
Edited by 🤖 GitLab Bot 🤖