Remove member_access from project policy (!215870) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Follow up to Enable Guest+ users to execute custom agents in... (!214918 - merged)

After conversing with the Authz team we realized that introducing yet another permission (member_access) could add more confusion to engineers and refactoring project policy to not enable guest_access for non-members when public is the actual fix we want.

This MR is the compromise that we found before doing the larger refactor while still keeping our codebase reasonable.

call project.member? directly
remove redundant enabled permissions

References

Screenshots or screen recordings

Before	After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Dec 10, 2025 by Jay

Remove member_access from project policy

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports