Group-Based Authorization in GitLab

Why Group-Based?

In an organization, there are multiple projects, and every project has multiple users every user has a different role to perform, based on the role whether he is owner, maintainer, developer, reporter, or guest we assign the role to that user, but the main problem is that when we have to use those users to the different project then we have to do all the same task again. There is a better way to manage users in GitLab by creating groups and assigning those groups to the project.

What is GitLab Group?

In GitLab, we use groups to manage one or more related projects at the same time. We can use groups to manage permissions for your projects. If someone has access to the group, they get access to all the projects in the group. We can also view all of the issues and merge requests for the projects in the group, and view analytics that shows the group’s activity. We can also create subgroups in a group.

Share Project with Groups

We can share projects with groups. This makes it possible to add a group of users to a project with a single action. Instead of adding users directly to the project we first create different groups and invite members to that group with a max role. Invite that group to the project, by doing so we can manage users in the project much more efficiently.

Steps to solve the problem:

To authorize users we need to create a group and invite users to that group and invite that group to the project where you want to authorize users, so users are first added to a group and then the group is added to the project. For a better understanding, I have shown an example below:

Groups for Authorization

For proper managing users we have gone with the group concept, in this, we have created three groups gurus, devops and reviewers. Every group is assigned different roles, and depending upon the roles, the group will have permission.

Group with Roles

We have assigned each group with different role and added respective members to the group

Serial No.Group NameRoleMembers
1gurusOwnerMahesh Kumar and Naveen Verma
2devopsMaintainerJaved Khan, Sanyam Kalra, Shubham Sahu and Varsha Kanwar
4reviewersReporterAbhishek Vishwakarma and Ishaan Ambashta

For better understanding, we have created a group name avengers with two members name Ashutosh Yadav and Sandeep Rawat, within-group we created a subgroup with the names devops, gurus and reviewers

Note: Group members of the avengers will be directly inherited by all subgroups

We added all the members to the respective groups. We can use these groups to assign users to the project. Doing this it makes easier for managing users in the project.

Using this strategy it makes easier when someone leaves or joins an organization, we only need to add or remove from the respected group. It takes less effort to manage users in the organization when someone is part of multiple groups.


Using a group for managing users is a better way to manage users. Doing so it makes easier for the admin to manage users. In an organization, different teams have different permission on different projects, using group-based user management, we can change the permission on any group by changing the max role of that group.


Blog Pundits: Deepak Gupta and Sandeep Rawat

Opstree is an End to End DevOps solution provider.

Connect with Us

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: