### Problem to solve Organizations do not have insight or reporting into what their user has access to. Organizations and administrators need to be able to audit what a user can do and not do in the GitLab to meet their compliance requirements. Often times this may be done by stitching together various APIs or scripts to come up with data, but this comes with its challenges. Customers have also complained or have relied on account team to identify what their users have access to. ### Proposal Provide the ability to centrally review user permissions across the platform. This will be broken down into the following themes: * Iteration 1: Allow any member to view permissions of a custom role that is assigned to a group or project member. * Iteration 2: Export list of users and role assignment in groups/projects. * Iteration 3: View a list of roles and assigned users ### Considerations * There are multiple views to identify what the user has access to including Members Page, Usage Quotas Page, Admin page. There are gaps in the retrieval of these reports such as membership assignment and inheritance details. These could also be potentially unified over time into Organizations level. ### Future Ideas * Ability to see sensitive resources and who has access. * Identify unused permissions based on activity. Suggest lower permission. * Inactive users * What users have access to X resource? * What users can deploy? * Egress/Ingress to Runners * View both human and non-human access ### JTDB ### Resources * [CS Tools - Group Membership Report](https://gitlab.com/gitlab-com/cs-tools/gitlab-cs-tools/gitlab-group-member-report) * [Identify inactive users](https://gitlab.com/gitlab-com/cs-tools/gitlab-cs-tools/potential-guest-users)