FY26Q2 Dog fooding

• epic: &9265
• milestones: %18.1, %18.2, %18.3

GitLab is rebuilding how users and projects are organized to handle growth and support different customer needs better. Instead of everyone sharing one big system, we're moving to separate Organizations where users and their work stay contained within boundaries.

The dog fooding target lets GitLab employees test this new setup before customers see it. Our team members can work across multiple test organizations on the legacy cell, helping us find problems and validate that core features work correctly.

This work will deliver:

1. GitLab Team members will be able to create their own Organizations.
2. They will be able to switch into the Organization.
3. The switch mechanism will define an Organization context.
4. The Organization context will be pushed down into a Row Level Security (RLS) POC
5. The RLS POC will:
   1. Implement an RLS Policy on one very small table
   2. Define the Organization ID through the application_name parameter
   3. Interoperate with PgBouncer
   4. Establish a process to continue RLS for more tables
      1. Define fail safe processes in case of runtime problems
      2. Define measurement procedures to validate performance

In this quarter there will also be ongoing sharding work.

There is the following critical path identified:

Isolating AJAX Queries

There's a very important path here where we can demonstrate an isolated experience to GitLab Team Members when they setup their new Organization. Implementation of these issues will prevent many important references from appearing outside the current Organization.

1. Include current organization id with frontend r... (#541693 - closed)
2. Set current Organization by header (#548319 - closed)
3. Filter GraphQL results by Current.organization (#549472 - closed)

Finalizing Dog Fooding

Development

• #557848 (closed)
• !198437 (merged)
• !198648 (merged)
• !200908 (merged)

Roll out

• #549062 (closed)
• Global enable #556359 (closed)
• Page with info for GitLab Team Members
• Demo
  • For GTS (not through GitLab Unfiltered) - https://youtu.be/dVHYnY6CpXk
  • For GitLab Unfiltered - coming soon
• Enable for GTS & friends
  • https://gitlab.slack.com/archives/C07TWC3QX47/p1755577985583559
• FF to opt out of switcher+create
• Enable for GitLab Team

For FF roll out, we will use gitlab-team-members via https://docs.gitlab.com/development/feature_flags/#feature-groups for dog food launch. Between now and then we will enable for GTS + friends by individual usernames. Here's a script to get GTS usernames - gitlab-tenant-scale-finder.rb

Summary

Total (██░░░░░░ 28%)
  ├─ Organization settings (░░░░░░░░ 0%)
  ├─ Organization Isolation Context (░░░░░░░░ 0%)
  ├─ Organization switching (░░░░░░░░ 0%)
  ├─ Organization Isolation Through RLS (░░░░░░░░ 0%)
  ├─ Restructure GitLab Schemas for Organization Isolation (░░░░░░░░ 0%)
  ├─ Features at Organization Level (░░░░░░░░ 0%)
  ├─ Organization groups (████░░░░ 50%)
  ├─ Minimize clusterwide tables (████░░░░ 50%)
  ├─ Database table sharding (██░░░░░░ 31%)
  └─ Organization backend essentials (████░░░░ 45%)

Issues

Period: May 10, 2025 - August 15, 2025

• Organization settings (link)

  • Issues:
    • @peterhegman Adapt Organization settings page to be more com... (#505072 - closed)

• Organization Isolation Context (link)

  • Issues:
    • Include current organization id with frontend r... (#541693 - closed)
    • Unknown Default Org Fallback code paths (#546562)

• Organization switching (link)

  • Issues:
    • Switch Organization (#437095 - closed)

• Organization Isolation Through RLS (link)

  • Issues:
    • @alexpooley Benchmark RLS locally (#541990)
    • No superuser connection (#547804)
    • Add current_organization_id database function (#541683)
    • Create non-superuser role (#541680)
    • Build RLS isolation for a single table (#547802)

• Restructure GitLab Schemas for Organization Isolation (link)

  • Issues:
    • Switch all gitlab_main_cell tables to gitlab_ma... (#491034 - closed)
    • Introduce gitlab_main_org as an alias of gitlab... (#490687 - closed)

• Features at Organization Level (link)

  • Issues:
    • @atevans Organization level Internal bot Users (#442780 - closed)

• Organization groups (link)

  • Issues:
    • Remove `columns_changing_default : organization... (#540490 - closed)
    • @smaglangit Default "Groups and projects" page display to "... (#520362 - closed)

• Minimize clusterwide tables (link)

  • Issues:
    • Move user-related tables to be `gitlab_main_user` (#505754 - closed)
    • Detect mis-categorization of `gitlab_schema` (g... (#504188 - closed)

• Database table sharding (link)

  • Issues:
    • @smaglangit Change the gitlab_schema of routes, and redirec... (#476575 - closed)
    • Drop metrics_dashboard_annotations table to sup... (#464344 - closed)
    • @chen-gitlab Column snippet_user_mentions.organization_id sh... (#517825 - closed)
    • @chen-gitlab Column bulk_import_failures.organization_id sho... (#517824 - closed)
    • @chen-gitlab Column bulk_import_trackers.organization_id sho... (#517823 - closed)
    • @IP1102 Validate foreign key on routes.namespace_id (#525273 - closed)
    • Async validate routes.namespace_id foreign key (#535947 - closed)
    • Finalize DeleteOrphanedRoutes migration (#535946 - closed)
    • Column organization_id on runner tables should ... (#525293 - closed)
    • @vwolanyk Fix sharding key for `p_ci_build_trace_metadata` (#526991 - closed)
    • @pshutsin Replace invalid sharding key for ai_duo_chat_ev... (#516140 - closed)
    • @nicolasdular Add sharding key for requirements_management te... (#465553 - closed)
    • @IP1102 Finalize LimitNamespaceVisibilityByOrganization... (#523370 - closed)

• Organization backend essentials (link)

  • Issues:
    • @timmccarthy Remove usages of Organizations::Organization.first (#535463)
    • @rutgerwessels Missing organization for placeholder user (#545963 - closed)
    • User belongs to an Organization (#546559 - closed)
    • User must be able to read Current.organization (#541676)
    • Remove user default organization callbacks (#443611 - closed)
    • @rutgerwessels Replace organization_users LFKs with regular FKs (#493506 - closed)
    • @chen-gitlab Rubocop to prevent ambiguous organization (#537106 - closed)
    • @abime Follow-up from "Remove custom admin roles assig... (#536383 - closed)
    • @timmccarthy Fix feature category for API endpoints (#540533 - closed)
    • track_organization_fallback not producing data (#541034 - closed)
    • @rutgerwessels Amazon Q CreateService should not rely on User ... (#544763 - closed)

---

Generated by Target Tracker