Add permission to grant other users Owner privileges to a project
This has come up in https://gitlab.com/gitlab-com/support-forum/issues/261 and https://gitlab.com/gitlab-org/gitlab-ce/issues/28233#note_62220577. Recently @dimitrieh wanted to move a personal project to the gitlab-com
namespace. He tried to give me Maintainer privileges, but that wasn't enough permission to transfer a project. The only way we can move this project is to give @dimitrieh the right privileges to gitlab-com
because he can't add me as an Owner.
For historical context, @DouweM said:
Before there were groups, a project could only have one owner: the owner of the namespace the project is in. “Owner” was not a member role, it was a fixed property of the project. Then when groups came around, a single owner for the group didn’t make sense anymore, and we added the Owner role. We didn’t add it to projects, presumably because the difference between a project master and project owner is limited to things you’d usually only want owners of the group the project is in to do anyway, like deleting it, changing visibility, and transferring it (edited)
I think it makes a lot of sense [to add this], and it would remove some confusion and inconsistency
The idea around transferring is that a project can only be transferred to a group where you already have the ability to create a project, which is limited to group masters and owners.
I think GitHub has the concept of a Transfer Request, where Dimitrie could request his project to be transferred, and Stan could accept it
Proposal
- An Owner should be able to grant Owner permissions to other members of the project.
- For personal namespaces:
- Owners should be able to grant Owner status to other project members.
- It should not be possible to downgrade the namespace owner to a role lower than
Owner
.
- For groups:
- As with other membership types,
Owner
roles should cascade down into subgroups and projects. It should not be possible to downgrade an inherited membership.
- As with other membership types,
- It will still be possible for other
Owners
to delete or transfer the project out of the original user's namespace if desired. We may want to warn theOwner
in the UI when they are upgrading the member. - We should give the
Owner
role to the member associated with the personal namespace for projects in personal namespaces. (e.g. I should getOwner
role for all my projects in my personaljeremy
namespace).
Details
See note from Douwe on implementation thoughts: https://gitlab.com/gitlab-org/gitlab-ce/issues/44033#note_101133901