GitLab Documentation

Auditor users

Introduced in GitLab Enterprise Edition Premium 8.17.

Auditor users are given read-only access to all projects, groups, and other resources on the GitLab instance.

Overview

Auditor users can have full access to their own resources (projects, groups, snippets, etc.), and read-only access to all other resources, except the Admin area. To put another way, they are just regular users (who can be added to projects, create personal snippets, create milestones on their groups, etc.) who also happen to have read-only access to all projects on the system that they haven't been explicitly given access to.

The Auditor role is not a read-only version of the Admin role. Auditor users will not be able to access the project/group settings pages, or the Admin Area.

To sum up, assuming you have logged-in as an Auditor user:

For more information about what an Auditor can or can't do, see the Permissions and restrictions of an Auditor user section.

Use cases

  1. Your compliance department wants to run tests against the entire GitLab base to ensure users are complying with password, credit card, and other sensitive data policies. With Auditor users, this can be achieved very easily without resulting to tactics like giving a user admin rights or having to use the API to add them to all projects.
  2. If particular users need visibility or access to most of all projects in your GitLab instance, instead of manually adding the user to all projects, you can simply create an Auditor user and share the credentials with those that you want to grant access to.

Adding an Auditor user

  1. Create a new user or edit an existing one by navigating to Admin Area > Users. You will find the option of the access level under the 'Access' section.

    Admin Area Form

  2. Click Save changes or Create user for the changes to take effect.

To revoke the Auditor permissions from a user, simply make them a Regular user following the same steps as above.

Permissions and restrictions of an Auditor user

An Auditor user should be able to access all projects and groups of a GitLab instance, with the following permissions/restrictions: