1. Guest users can only view the [confidential issues](project/issues/confidential_issues.md) they created themselves.
2. Guest users can only view the [confidential issues](project/issues/confidential_issues.md) they created themselves.
1. If **Public pipelines** is enabled in **Project Settings > CI/CD**.
3. Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/protected_branches.md).
1. Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/protected_branches.md).
4. If the [branch is protected](project/protected_branches.md), this depends on the access Developers and Maintainers are given.
1. If the [branch is protected](project/protected_branches.md), this depends on the access Developers and Maintainers are given.
5. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see [repository information like commits and release evidence](project/releases/index.md#view-a-release-and-download-assets).
1. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see [repository information like commits and release evidence](project/releases/index.md#view-a-release-and-download-assets).
6. Actions are limited only to records owned (referenced) by user.
1. Actions are limited only to records owned (referenced) by user.
7. When [Share Group Lock](group/index.md#prevent-a-project-from-being-shared-with-groups) is enabled the project can't be shared with other groups. It does not affect group with group sharing.
1. When [Share Group Lock](group/index.md#prevent-a-project-from-being-shared-with-groups) is enabled the project can't be shared with other groups. It does not affect group with group sharing.
8. For information on eligible approvers for merge requests, see
1. For information on eligible approvers for merge requests, see
1. Applies only to comments on [Design Management](project/issues/design_management.md) designs.
9. Applies only to comments on [Design Management](project/issues/design_management.md) designs.
1. Users can only view events based on their individual actions.
10. Users can only view events based on their individual actions.
1. Project access tokens are supported for self-managed instances on Free and above. They are also
11. Project access tokens are supported for self-managed instances on Free and above. They are also
supported on GitLab SaaS Premium and above (excluding [trial licenses](https://about.gitlab.com/free-trial/)).
supported on GitLab SaaS Premium and above (excluding [trial licenses](https://about.gitlab.com/free-trial/)).
1. If the [tag is protected](#release-permissions-with-protected-tags), this depends on the access Developers and Maintainers are given.
12. If the [tag is protected](#release-permissions-with-protected-tags), this depends on the access Developers and Maintainers are given.
1. A Maintainer can't change project features visibility level if
13. A Maintainer can't change project features visibility level if
[project visibility](../public_access/public_access.md) is set to private.
[project visibility](../public_access/public_access.md) is set to private.
1. Attached design files are moved together with the issue even if the user doesn't have the
14. Attached design files are moved together with the issue even if the user doesn't have the
Developer role.
Developer role.
1. Guest users can only set metadata (for example, labels, assignees, or milestones)
15. Guest users can only set metadata (for example, labels, assignees, or milestones)
when creating an issue. They cannot change the metadata on existing issues.
when creating an issue. They cannot change the metadata on existing issues.
1. In GitLab 14.5 or later, Guests are not allowed to [create incidents](../operations/incident_management/incidents.md#incident-creation).
16. In GitLab 14.5 or later, Guests are not allowed to [create incidents](../operations/incident_management/incidents.md#incident-creation).
A guest who created an incident when they had the Reporter role or who is assigned to the incident can modify the title, description and metrics. They can also close and reopen the incident.
A guest who created an incident when they had the Reporter role or who is assigned to the incident can modify the title, description and metrics. They can also close and reopen the incident.
1. In projects that accept contributions from external members, users can create, edit, and close their own merge requests.
17. In projects that accept contributions from external members, users can create, edit, and close their own merge requests.
1. Authors and assignees of issues can modify the title and description even if they don't have the Reporter role.
18. Authors and assignees of issues can modify the title and description even if they don't have the Reporter role.
1. Authors and assignees can close and reopen issues even if they don't have the Reporter role.
19. Authors and assignees can close and reopen issues even if they don't have the Reporter role.
1. The ability to view the Container Registry and pull images is controlled by the [Container Registry's visibility permissions](packages/container_registry/index.md#container-registry-visibility-permissions).
20. The ability to view the Container Registry and pull images is controlled by the [Container Registry's visibility permissions](packages/container_registry/index.md#container-registry-visibility-permissions).
<!-- markdownlint-enable MD029 -->
## Project features permissions
## Project features permissions
...
@@ -268,14 +271,18 @@ More details about the permissions for some project-level features follow.
...
@@ -268,14 +271,18 @@ More details about the permissions for some project-level features follow.
1. Groups can be set to [allow either Owners or Owners and
1. Groups can be set to [allow either Owners or Owners and
Maintainers to create subgroups](group/subgroups/index.md#creating-a-subgroup)
Maintainers to create subgroups](group/subgroups/index.md#creating-a-subgroup)
1. Introduced in GitLab 12.2.
2. Introduced in GitLab 12.2.
1. Default project creation role can be changed at:
3. Default project creation role can be changed at:
- The [instance level](admin_area/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects).
- The [instance level](admin_area/settings/visibility_and_access_controls.md#define-which-roles-can-create-projects).
- The [group level](group/index.md#specify-who-can-add-projects-to-a-group).
- The [group level](group/index.md#specify-who-can-add-projects-to-a-group).
1. Does not apply to subgroups.
4. Does not apply to subgroups.
1. Developers can push commits to the default branch of a new project only if the [default branch protection](group/index.md#change-the-default-branch-protection-of-a-group) is set to "Partially protected" or "Not protected".
5. Developers can push commits to the default branch of a new project only if the [default branch protection](group/index.md#change-the-default-branch-protection-of-a-group) is set to "Partially protected" or "Not protected".
1. In addition, if your group is public or internal, all users who can see the group can also see group wiki pages.
6. In addition, if your group is public or internal, all users who can see the group can also see group wiki pages.
1. Users can only view events based on their individual actions.
7. Users can only view events based on their individual actions.