[BE] - Export an accurate record of users and their permissions
Release notes
Problem to solve
Customers do not have a way to pull an accurate list of permissions based on role or permission source. The current exports do not factor in membership type, inheritance location, or path.
Proposal
New User Role Export Function
Create a new export endpoint that will list all users along with their associated permissions at each group and project level. This export will be sent as CSV via email notification.
| Name | Username | Path | Role | Membership type | Membership source | Access granted | Access expires | Last activity | |
|---|---|---|---|---|---|---|---|---|---|
| {First Name} {Last Name} | {username} | {email} | {group}/{project} | {default role} or {custom role} | Direct, Inherited, Shared | {group}/{group} | {date} | {date} | {date} |
Fields
- Username/Name: There will be multiple rows for the user, because indirect/direct can result in multiple entries of access.
- Path: The current membership path such as group, subgroup, or project level.
- Role: This is the calculated and final role of the user between the three membership types.
-
Membership type
- Direct: Directly added member
- Indirect: Inherited from parent group
- Shared: Membership shared from a group
- Membership source: This value is the group or project path where the permission originates from.
- If direct: The current path of group or project where the permission is defined. {group} or {group/project}
- If indirect. The group path of where the last direct permission is defined. {group/subgroup/..}
- If shared: The group path of invited group
Example
| Name | Username | Path | Role | Membership type | Membership source | Access granted | Access expires | Last activity | |
|---|---|---|---|---|---|---|---|---|---|
| Joe Randazzo | jrandazzo | j@gitlab.com | group-a | Owner | Direct | group-a | 2024-02-01 | 2024-05-10 | |
| Joe Randazzo | jrandazzo | j@gitlab.com | group-a/group-b | Owner | Indirect | group-a | 2024-02-01 | 2024-05-10 | |
| Joe Randazzo | jrandazzo | j@gitlab.com | group-a/group-b/project-1 | Owner | Indirect | group-a | 2024-02-01 | 2024-05-10 | |
| Sarah Smith | ssmith | s@gitlab.com | group-a/group-b/project-1 | Owner | Direct | project-1 | 2024-02-01 | 2024-05-10 | |
| Jess Paige | jpaige | j@gitlab.com | group-a/group-b | Developer | Shared | group-users/devs | 2024-02-01 | 2024-05-10 |
UI (See figma file for messaging)
-
Add export button to Roles and Permissions Page -
Add modal what is included in the report -
Alerts (Success/Failure) - See designs for messaging
Permissions
- Self-managed admin or SaaS Group Owner
Resources
Proposed Export (Internal)
Edited by Jarka Košanová