Permissions and roles

Users have different abilities depending on the role they have in a particular group or project. If a user is both in a project’s group and the project itself, the highest role is used.

On public and internal projects, the Guest role (not to be confused with Guest user) is not enforced.

When a member leaves a team’s project, all the assigned issues and merge requests are automatically unassigned.

GitLab administrators receive all permissions.
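
The role-resolution rule above (the highest of the group role and the project role applies, and administrators receive all permissions), worked through as an added example that is not GitLab's own code: an access review that lists users whose effective role is higher than their project member entry shows. The function names, the `threshold` parameter and the modelling of administrators as Owner are assumptions, and the sample memberships are constructed.

```python
"""Added example (not GitLab code): effective project role from group and project membership."""
from dataclasses import dataclass
from typing import Optional

# Role names in the order of the permissions table columns. The numbers are the
# access levels GitLab's members API reports for these roles.
ROLES = {"Guest": 10, "Reporter": 20, "Developer": 30, "Maintainer": 40, "Owner": 50}
NAMES = {level: name for name, level in ROLES.items()}


@dataclass
class Finding:
    user: str
    effective: str
    project_role: Optional[str]
    source: str


def effective_role(user, group, project, admins=frozenset()):
    """Highest of the user's group role and project role; None if no access."""
    if user in admins:
        return "Owner"  # assumption: model "all permissions" as the Owner role
    levels = [ROLES[m[user]] for m in (group, project) if user in m]
    return NAMES[max(levels)] if levels else None


def review(group, project, admins=frozenset(), threshold="Maintainer"):
    """Users at or above `threshold` whose project member entry understates it."""
    findings = []
    for user in sorted(set(group) | set(project) | set(admins)):
        role = effective_role(user, group, project, admins)
        direct = project.get(user)
        if ROLES[role] < ROLES[threshold]:
            continue
        if direct is None or ROLES[direct] < ROLES[role]:
            source = "administrator" if user in admins else "group membership"
            findings.append(Finding(user, role, direct, source))
    return findings


# Constructed sample data: user -> role in the group and in one of its projects.
GROUP = {"alice": "Owner", "bob": "Reporter", "carol": "Developer"}
PROJECT = {"bob": "Maintainer", "carol": "Guest", "dave": "Developer"}
ADMINS = frozenset({"root"})

if __name__ == "__main__":
    for f in review(GROUP, PROJECT, ADMINS):
        print(f"{f.user}: {f.effective} via {f.source} (project entry: {f.project_role})")
```

Reviewing only the project member list would miss `alice` and `root` here, because their access comes from the group and from administrator status.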

To add or import a user, you can follow the project members documentation.

Principles behind permissions

See our product handbook on permissions.

Instance-wide user permissions

By default, users can create top-level groups and change their usernames. A GitLab administrator can configure the GitLab instance to modify this behavior.

Project members permissions

  • Introduced in GitLab 14.8: personal namespace owners appear with the Owner role in new projects in their namespace. Introduced with a flag named personal_project_owner_with_owner_access. Disabled by default.
  • Generally available in GitLab 14.9. Feature flag personal_project_owner_with_owner_access removed.

A user’s role determines what permissions they have on a project. The Owner role provides all permissions but is available only:

  • For group owners. The role is inherited for a group’s projects.
  • For Administrators.

Personal namespace owners:

  • Are displayed as having the Maintainer role on projects in the namespace, but have the same permissions as a user with the Owner role.
  • In GitLab 14.9 and later, for new projects in the namespace, are displayed as having the Owner role.

For more information about how to manage project members, see members of a project.

The following table lists project permissions available for each role:

Action Guest Reporter Developer Maintainer Owner
Analytics:
View issue analytics
Analytics:
View merge request analytics
Analytics:
View value stream analytics
Analytics:
View DORA metrics
 
Analytics:
View CI/CD analytics
 
Analytics:
View code review analytics
 
Analytics:
View repository analytics
 
Application security:
View licenses in dependency list
✓ (1)
Application security:
Create and run on-demand DAST scans
   
Application security:
Manage security policy
   
Application security:
View dependency list
   
Application security:
Create a CVE ID Request
     
Application security:
Create or assign security policy project
       
Clusters:
View pod logs
   
Clusters:
View clusters
   
Clusters:
Manage clusters
     
Container Registry:
Create, edit, delete cleanup policies
     
Container Registry:
Push an image to the Container Registry
   
Container Registry:
Pull an image from the Container Registry
✓ (20) ✓ (20)
Container Registry:
Remove a Container Registry image
   
GitLab Pages:
View Pages protected by access control
GitLab Pages:
Manage
     
GitLab Pages:
Manage GitLab Pages domains and certificates
     
GitLab Pages:
Remove GitLab Pages
     
Incident Management:
View alerts
 
Incident Management:
Assign an alert
Incident Management:
View incident
Incident Management:
Create incident
(16)
Incident Management:
View on-call schedules
 
Incident Management:
Participate in on-call rotation
Incident Management:
View escalation policies
 
Incident Management:
Manage on-call schedules
     
Incident Management:
Manage escalation policies
     
Issues:
Add Labels
✓ (15)
Issues:
Assign
✓ (15)
Issues:
Create (18)
Issues:
Create confidential issues
Issues:
View Design Management pages
Issues:
View related issues
Issues:
Set weight
✓ (15)
Issues:
View confidential issues
(2)
Issues:
Close / reopen (19)
 
Issues:
Lock threads
 
Issues:
Manage related issues
 
Issues:
Manage tracker
 
Issues:
Move issues (14)
 
Issues:
Set issue time tracking estimate and time spent
 
Issues:
Archive Design Management files
   
Issues:
Upload Design Management files
   
Issues:
Delete
       
License Compliance:
View allowed and denied licenses
✓ (1)
License Compliance:
View License Compliance reports
✓ (1)
License Compliance:
View License list
 
License Compliance:
Manage license policy
     
Merge requests:
Assign reviewer
 
Merge requests:
See list
 
Merge requests:
Apply code change suggestions
   
Merge requests:
Approve (8)
   
Merge requests:
Assign
   
Merge requests:
Create (17)
   
Merge requests:
Add labels
   
Merge requests:
Lock threads
   
Merge requests:
Manage or accept
   
Merge requests:
Resolve a thread
   
Merge requests:
Manage merge approval rules (project settings)
     
Merge requests:
Delete
       
Metrics dashboards:
Manage user-starred metrics dashboards (6)
Metrics dashboards:
View metrics dashboard annotations
 
Metrics dashboards:
Create/edit/delete metrics dashboard annotations
   
Package registry:
Pull a package
✓ (1)