LDAP Group Management & Permission Improvements
Overview
These are notes from a customer communication. They've requested the following features be reviewed.
- Creation and use of user groups, and use of these groups to assign permissions at both group level and project level.
  a. At this time, GitLab does not allow or does not have a group of users feature like a Unix group with users as members. Currently, we have to add one user at a time to every project and this is not scalable to hundreds of users.
  b. We request that you allow GitLab to create member groups which we can assign to a group or a project.
- Allow certain members of an LDAP group to get different permissions than the same permission that everyone gets.
  a. Currently when you assign, say, developer permission to an LDAP group, then everyone in that group gets the same permission.
  b. We cannot pick an individual user and bump up his permission from developer to master.
- Allow an LDAP group to be attached at project level.
  a. Currently an LDAP group can only be attached at group level.
  b. We would like to attach an LDAP group at project level too, so that we can downgrade/upgrade permissions of users from that group.
- Allow an LDAP group as well as other users to be assigned permissions at group level.
  a. Currently when LDAP sync is enabled, we lose the capacity to assign permissions to a GitLab internal user or any other user.
  b. GitLab should allow adding other users in addition to the members found from LDAP sync and applying permissions.
In general, a lot of work needs to be done to improve security and group permissions features in GitLab. Please share with us the roadmap you have related to these features, as these are very important features for any large enterprise using GitLab.