- (*2*): Guest users can only view the confidential issues they created themselves
- (*3*): If **Public pipelines** is enabled in **Project Settings > CI/CD**
- (*4*): Not allowed for Guest, Reporter, Developer, Maintainer, or Owner
## Project features permissions
## Project features permissions
...
@@ -163,7 +168,7 @@ to learn more.
...
@@ -163,7 +168,7 @@ to learn more.
The user that locks a file or directory is the only one that can edit and push their changes back to the repository where the locked objects are located.
The user that locks a file or directory is the only one that can edit and push their changes back to the repository where the locked objects are located.
Read through the documentation on [permissions for File Locking](https://docs.gitlab.com/ee/user/project/file_lock.html#permissions-on-file-locking) to learn more.
Read through the documentation on [permissions for File Locking](project/file_lock.md#permissions-on-file-locking) to learn more.
### Confidential Issues permissions
### Confidential Issues permissions
...
@@ -192,20 +197,20 @@ the group. The following table depicts the various user permission levels in a
...
@@ -192,20 +197,20 @@ the group. The following table depicts the various user permission levels in a
@@ -257,15 +262,15 @@ Please be aware that this regex could lead to a DOS attack, [see](https://en.wik
...
@@ -257,15 +262,15 @@ Please be aware that this regex could lead to a DOS attack, [see](https://en.wik
## Auditor users **[PREMIUM ONLY]**
## Auditor users **[PREMIUM ONLY]**
>[Introduced][ee-998] in [GitLab Premium][eep] 8.17.
>[Introduced](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/998) in [GitLab Premium](https://about.gitlab.com/pricing/) 8.17.
Auditor users are given read-only access to all projects, groups, and other
Auditor users are given read-only access to all projects, groups, and other
resources on the GitLab instance.
resources on the GitLab instance.
An Auditor user should be able to access all projects and groups of a GitLab instance
An Auditor user should be able to access all projects and groups of a GitLab instance
with the permissions described on the documentation on [auditor users permissions](https://docs.gitlab.com/ee/administration/auditor_users.html#permissions-and-restrictions-of-an-auditor-user).
with the permissions described on the documentation on [auditor users permissions](../administration/auditor_users.md#permissions-and-restrictions-of-an-auditor-user).
[Read more about Auditor users.](https://docs.gitlab.com/ee/administration/auditor_users.html)
[Read more about Auditor users.](../administration/auditor_users.md)
## Project features
## Project features
...
@@ -298,7 +303,7 @@ instance and project. In addition, all admins can use the admin interface under
...
@@ -298,7 +303,7 @@ instance and project. In addition, all admins can use the admin interface under
| Push container images to current project | | ✓ | ✓ | ✓ |
| Push container images to current project | | ✓ | ✓ | ✓ |
| Push container images to other projects | | | | |
| Push container images to other projects | | | | |
| Push source and LFS | | | | |
-*1*: Only if the user is not an external one
-*2*: Only if the user is a member of the project
### New CI job permissions model
### New CI job permissions model
...
@@ -350,17 +360,4 @@ for details about the pipelines security model.
...
@@ -350,17 +360,4 @@ for details about the pipelines security model.
## LDAP users permissions
## LDAP users permissions
Since GitLab 8.15, LDAP user permissions can now be manually overridden by an admin user.
Since GitLab 8.15, LDAP user permissions can now be manually overridden by an admin user.
Read through the documentation on [LDAP users permissions](https://docs.gitlab.com/ee/administration/auth/how_to_configure_ldap_gitlab_ee/index.html) to learn more.
Read through the documentation on [LDAP users permissions](../administration/auth/how_to_configure_ldap_gitlab_ee/index.html) to learn more.
[^1]:On public and internal projects, all users are able to perform this action
[^2]:Guest users can only view the confidential issues they created themselves
[^3]:If**Public pipelines** is enabled in **Project Settings > CI/CD**
[^4]:Not allowed for Guest, Reporter, Developer, Maintainer, or Owner