Last owner of GitLab.com group can be a bot
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
On GitLab.com with SAML Group Sync configured, it is possible to add a Group link that could reduce the access level of all owners in the group.
To avoid this scenario, we deliberately do not allow reducing the role of the last owner of a group (or removing them).
An edgecase that was recently discovered was that an internal user with owner role could end up being that last owner. This results in all "human" users not having access to the group.
Steps to reproduce
It would be difficult to reproduce this because, afaik, it depends on the order that the users are demoted and that is not always the same.
Example Ticket
Internal ticket where this issue happened: https://gitlab.zendesk.com/agent/tickets/582628
What is the current bug behavior?
The last human owner is removed.
What is the expected correct behavior?
The last human owner should not be removed.
Output of checks
This bug happens on GitLab.com
Possible fixes
When reducing roles or removing users, we check for and leave the last human owner.