Skip to content

Auditor users cannot access public and internal projects when files access is limited to project members

Summary

Auditor users cannot access public and internal projects when View and edit files in this project setting is set to Only Project Members.

Docs, on the other hand, state:

Auditor users are given read-only access to all projects, groups, and other resources on the GitLab instance.

Steps to reproduce

  1. Create public or internal project.
  2. Change the View and edit files in this project setting to Only Project Members.
  3. Impersonate auditor user and navigate to that project.
  4. Issue is that you cannot see the code in there.

What is the current bug behavior?

Code is not accessible.

What is the expected correct behavior?

Code is accessible. Auditors should have access to everything minus settings/admin.

Issue readiness

  • Product: issue description is accurate with an acceptable proposal for an MVC
  • Engineering: issue is implementable with few remaining questions, is sufficiently broken down, and is able to be estimated
Edited by Melissa Ushakov