### Problem to solve While we have the ability to restrict users from specific domains from registering (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/598), we should also consider adding the ability to prevent users from specific domains from being made administrators. Take GitLab.com as an example: we'd certainly like this instance to be open to users from a wide variety of email domains. However, only users with a gitlab.com email address should be allowed to be an administrator; even if a GitLabber owns the account, having an email address not associated with gitlab could open up a possible attack vector. We don't currently have this problem, but preventing administrator access for these users would be an additional and useful check. ### Proposal In the admin area, allow an instance to specify allowed domains for administrator accounts. * Attempting to promote a user using a prohibited email domain will surface an error.