Make contributions of blocked users visible to non-admin users
-
- View options
Make contributions of blocked users visible to non-admin users
Proposal
The activities of a user who has been blocked from Gitlab (such as when Gitlab is using LDAP for authentication and the LDAP user has been deactivated) ought to be viewable without admin permissions. It doesn't make sense that a project owner can make any changes they wish to a project, but cannot view changes that another user has made to their project if that user account has been blocked. As a regular user, I can view the contribution history of any other user without special permissions - I don't understand why this history becomes hidden when a user is deactivated.
There are lots of obvious reasons why you might want to review a user's activity after their account has been blocked. Perhaps the user was blocked due to malicious activity, and project owners may want to review contributions by that user. Perhaps a contractor's contributions need to be reviewed to see whether the contractor should be renewed, etc.
Currently, Gitlab administrators are able to see this activity, but not any other permission level. Granting someone read-only access to the history of a blocked user should not require making them an administrator over the whole installation.
The history should either not be hidden when a user is blocked, or a new read permission level should be added which allows designated users to review this history.
Attributes
Status
Assignees
Labels
Parent
Weight
Milestone
Iteration
Dates
Start: None
Due: None
Health status
Subscription
Time tracking
Activity
- Edited by John Colvin
A use case we have is this:
- user X leaves company
- someone remembers "didn't X do some experiments on that"
- users should be able to go find X's contributions to check
Particularly annoying is that you can't see the list of the user's personal repos unless you are an admin.
Setting label(s) devopsmanage ~"group::authentication and authorization" sectiondev based on Category:User Management ~"group::authentication and authorization" ldap.
US Federal customer interested in this feature:
- US Federal ticket (Internal access to verified US Citizens only)
- SFDC (internal)
The following customer is interested in this capability
- Subscription: GitLab Ultimate
- Product: self-managed
- Link to request: ZD ticket (internal)
- Priority: customer priority7
One of the main points of a version control system – and related tools such as gitlab – is to have a clear picture of the change history for the code. The problem that the feature aims to address is making it harder for users to get a clear picture of the code, which will result in users having to find workarounds and potentially lowers the trust for the tool. - Why interested:
Because it has already impacted our organization when having to go through the history for the code. - Problem they are trying to solve:
Getting a fast and clear picture of changed made by users who worked on the code, and knowing that you can trust the tool to provide such data. - Current solution for this problem:
Right now the only alternative is the scroll through the entire commit history for a project (very time consuming) or viewing the users change history and trying to find commits that matches the right project and time frame (also very time consuming). Both alternatives also makes it easier to miss the change you're searching for as you have to go through a lot of irrelevant data. - Impact to the customer of not having this:
Loss of clarity and transparency of changes made to code over time, as well as extra time lost while forced to use the workarounds. - Questions:
No additional notes other than those from the answers above. - PM to mention: @mjwood
- AO to mention: @moskarsen
cc: @dorrino
