GitLab Groups and Members

A group is GitLab's way of organizing multiple projects and people under one namespace. Think of a group as a company department — it owns several projects and controls who can access them.

Groups vs Projects — The Hierarchy

  GitLab Instance
  └── Group: acme-corp
       ├── Subgroup: frontend-team
       │    ├── Project: website
       │    └── Project: design-system
       └── Subgroup: backend-team
            ├── Project: api-server
            └── Project: database-tools

Permissions set at the group level flow down automatically to every subgroup and project inside it. You do not need to add members to each project individually.

Creating a Group

Click + in the top navigation bar, choose New group, and fill in:

  • Group name — shown in the URL (e.g. gitlab.com/acme-corp)
  • Visibility — Private, Internal, or Public
  • Description — short summary of what the group is for

Member Roles — The Five Permission Levels

Every member of a group or project has exactly one role. Each role grants a specific set of capabilities:

RoleCan DoCannot Do
GuestView issues, leave commentsPush code, create MRs
ReporterView all content, create issuesPush code, merge
DeveloperPush to non-protected branches, create MRsMerge to protected branches, manage settings
MaintainerMerge MRs, manage branches, add membersDelete the project or group
OwnerFull control including deletion and billingNothing — full access

How Permissions Inherit

  Group: acme-corp  →  Sara is Maintainer
       │
       ├── Project: website
       │      Sara is Maintainer here too (inherited) ✅
       │
       └── Project: api-server
              Sara is Maintainer here too (inherited) ✅

  You can INCREASE Sara's role on a specific project
  but you cannot DECREASE it below the group level.

If Sara is a Developer at group level, you can make her a Maintainer on one specific project. You cannot make her a Reporter — her group role sets the floor.

Adding Members to a Group

Go to Group → Manage → Members → Invite members. Enter the person's GitLab username or email address, choose their role, and optionally set an expiry date for their access.

  Invite: john@company.com
  Role:   Developer
  Access expires: 2025-03-31 (optional)

  → John receives an email invitation
  → After accepting, John has Developer access to all group projects

Access Expiry — Temporary Team Members

Set an expiry date when adding contractors or external reviewers. On the expiry date, GitLab automatically removes their access. No manual cleanup required.

Subgroups — Organising Large Teams

Subgroups let large organisations divide their work into departments without losing the top-level namespace. Each subgroup has its own members, projects, and settings but sits inside the parent group.

  Group: university
  ├── Subgroup: computer-science
  │    ├── Project: compiler-course
  │    └── Project: os-lab
  └── Subgroup: mathematics
       ├── Project: linear-algebra
       └── Project: statistics

A professor added to the computer-science subgroup cannot access the mathematics subgroup unless explicitly invited.

Group-Level Features

Group Issues

View all issues across every project in the group from one place: Group → Issues. Filter by label, assignee, or milestone across all projects simultaneously.

Group Milestones

A group milestone spans multiple projects. A sprint goal that touches both the frontend and backend can be tracked in a single milestone rather than two separate ones.

Group CI/CD Variables

Store secrets like API keys or passwords at the group level. Every project inside the group can read these variables in their CI/CD pipelines without storing the secret in each project separately.

Transferring a Project Between Groups

Go to Project Settings → General → Advanced → Transfer project. Choose the target group. The project's URL changes, but GitLab creates a redirect from the old URL so existing links keep working for a period.

Group Access Requests

Public and internal groups can allow users to request access. An Owner receives a notification and approves or denies the request. Enable this at Group Settings → General → Permissions → Allow users to request access.

Removing a Member

Go to Group → Manage → Members, find the member, click the three-dot menu, and choose Remove member. Their access ends immediately. Issues and commits they created remain intact — removing a member does not delete their past contributions.

Group Badges

Badges are small status images that appear on the group page and every project inside it. A common badge shows the build status or code coverage percentage.

  acme-corp group page:
  ┌─────────────────────────────────────────┐
  │ acme-corp                               │
  │ [pipeline: passing ✅] [coverage: 87%]  │ 
  └─────────────────────────────────────────┘

Add badges at Group Settings → General → Badges.

Leave a Comment

Your email address will not be published. Required fields are marked *