Feature Request - Enable IP Address Restrictions for Subgroups

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Summary

The IP address restriction feature currently only works at the top-level group. Please extend this functionality to work at the subgroup level.

Current Limitation

IP address restrictions only available for top-level groups
Cannot apply different IP restriction policies per subgroup

Requested Feature

Extend IP address restriction functionality to subgroup level

How it should work:

Inheritance: Subgroups inherit IP restrictions from parent groups by default
Additional restrictions: Subgroups can add more restrictive IP rules (but cannot relax parent restrictions)
Scope: Same as current feature (UI, API, Git operations)

Use Cases

Example 1: Multi-office setup

Company-wide: Allow all office IPs
Engineering subgroup: Only main office IPs allowed
Marketing subgroup: Main office + VPN IPs allowed

Example 2: Project-based security

General projects: Company IPs allowed
Confidential project subgroup: Only specific secure office IPs allowed

Requirements

Add IP restriction settings UI to subgroup administration pages
Validate that subgroups cannot be less restrictive than parent groups
API support
Maintain existing top-level group functionality

Edited Aug 11, 2025 by 🤖 GitLab Bot 🤖