Commit 303bec8a authored by Craig Norris's avatar Craig Norris

Add metadata and small style fixes

Primarily adds "unassigned" metadata, but has a few other style updates.
parent 4a437546
# Auditor users **(PREMIUM ONLY)** ---
stage: none
group: unassigned
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
>[Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/998) in [GitLab Premium](https://about.gitlab.com/pricing/) 8.17. # Auditor users **(PREMIUM ONLY)**
Auditor users are given read-only access to all projects, groups, and other Auditor users are given read-only access to all projects, groups, and other
resources on the GitLab instance. resources on the GitLab instance.
## Overview ## Overview
Auditor users can have full access to their own resources (projects, groups, Auditor users are able to have both full access to their own resources
snippets, etc.), and read-only access to **all** other resources, except the (including projects, groups, and snippets) and read-only access to _all_ other
Admin Area. To put another way, they are just regular users (who can be added resources, except the [Admin Area](../user/admin_area/index.md). These user
to projects, create personal snippets, create milestones on their groups, etc.) accounts are regular users who can be added to projects, create personal
who also happen to have read-only access to all projects on the system that snippets, and create milestones on their groups, while also having read-only
they haven't been explicitly [given access](../user/permissions.md) to. access to all projects on the server to which they haven't been explicitly
[given access](../user/permissions.md).
The Auditor role is _not_ a read-only version of the Admin role. Auditor users The Auditor role is _not_ a read-only version of the Admin role. Auditor users
will not be able to access the project/group settings pages, or the Admin Area. can't access the project or group settings pages, or the Admin Area.
To sum up, assuming you have logged-in as an Auditor user: Assuming you have signed in as an Auditor user:
- For a project the Auditor is not member of, the Auditor should have - For a project the Auditor is not member of, the Auditor should have
read-only access. If the project is public or internal, they would have the read-only access. If the project is public or internal, they have the same
same access as the users that are not members of that project/group. access as users that aren't members of that project or group.
- For a project the Auditor owns, the Auditor should have full access to - For a project the Auditor owns, the Auditor should have full access to
everything. everything.
- For a project the Auditor has been added to as a member, the Auditor should - For a project to which the Auditor is added as a member, the Auditor should
have the same access as the [permissions](../user/permissions.md) they were given to. For example, if have the same access as their given [permissions](../user/permissions.md).
they were added as a Developer, they could then push commits or comment on For example, if they were added as a Developer, they can push commits or
issues. comment on issues.
- The Auditor cannot view the Admin Area, or perform any admin actions. - The Auditor can't view the Admin Area, or perform any admin actions.
For more information about what an Auditor can or can't do, see the For more information about what an Auditor can or can't do, see the
[Permissions and restrictions of an Auditor user](#permissions-and-restrictions-of-an-auditor-user) [Permissions and restrictions of an Auditor user](#permissions-and-restrictions-of-an-auditor-user)
...@@ -36,33 +41,37 @@ section. ...@@ -36,33 +41,37 @@ section.
## Use cases ## Use cases
1. Your compliance department wants to run tests against the entire GitLab base The following use cases describe some situations where Auditor users could be
to ensure users are complying with password, credit card, and other sensitive helpful:
data policies. With Auditor users, this can be achieved very easily without
resulting to tactics like giving a user admin rights or having to use the API - Your compliance department wants to run tests against the entire GitLab base
to add them to all projects. to ensure users are complying with password, credit card, and other sensitive
1. If particular users need visibility or access to most of all projects in data policies. With Auditor users, this can be achieved very without having
your GitLab instance, instead of manually adding the user to all projects, to give them user admin rights or using the API to add them to all projects.
you can simply create an Auditor user and share the credentials with those - If particular users need visibility or access to most of all projects in
that you want to grant access to. your GitLab instance, instead of manually adding the user to all projects,
you can create an Auditor user and then share the credentials with those users
to which you want to grant access.
## Adding an Auditor user ## Adding an Auditor user
To create a new Auditor user:
1. Create a new user or edit an existing one by navigating to 1. Create a new user or edit an existing one by navigating to
**Admin Area > Users**. You will find the option of the access level under **Admin Area > Users**. You will find the option of the access level in
the 'Access' section. the 'Access' section.
![Admin Area Form](img/auditor_access_form.png) ![Admin Area Form](img/auditor_access_form.png)
1. Click **Save changes** or **Create user** for the changes to take effect. 1. Select **Save changes** or **Create user** for the changes to take effect.
To revoke the Auditor permissions from a user, simply make them a Regular user To revoke Auditor permissions from a user, make them a regular user by
following the same steps as above. following the previous steps.
## Permissions and restrictions of an Auditor user ## Permissions and restrictions of an Auditor user
An Auditor user should be able to access all projects and groups of a GitLab An Auditor user should be able to access all projects and groups of a GitLab
instance, with the following permissions/restrictions: instance, with the following permissions and restrictions:
- Has read-only access to the API - Has read-only access to the API
- Can access projects that are: - Can access projects that are:
...@@ -70,15 +79,15 @@ instance, with the following permissions/restrictions: ...@@ -70,15 +79,15 @@ instance, with the following permissions/restrictions:
- Public - Public
- Internal - Internal
- Can read all files in a repository - Can read all files in a repository
- Can read issues / MRs - Can read issues and MRs
- Can read project snippets - Can read project snippets
- Cannot be Admin and Auditor at the same time - Cannot be Admin and Auditor at the same time
- Cannot access the Admin Area - Cannot access the Admin Area
- In a group / project they're not a member of: - In a group or project they're not a member of:
- Cannot access project settings - Cannot access project settings
- Cannot access group settings - Cannot access group settings
- Cannot commit to repository - Cannot commit to repository
- Cannot create / comment on issues / MRs - Cannot create or comment on issues and MRs
- Cannot create/modify files from the Web UI - Cannot create or modify files from the Web UI
- Cannot merge a merge request - Cannot merge a merge request
- Cannot create project snippets - Cannot create project snippets
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment