GitLab Groups and Members
A group is GitLab's way of organizing multiple projects and people under one namespace. Think of a group as a company department — it owns several projects and controls who can access them.
Groups vs Projects — The Hierarchy
GitLab Instance
└── Group: acme-corp
├── Subgroup: frontend-team
│ ├── Project: website
│ └── Project: design-system
└── Subgroup: backend-team
├── Project: api-server
└── Project: database-tools
Permissions set at the group level flow down automatically to every subgroup and project inside it. You do not need to add members to each project individually.
Creating a Group
Click + in the top navigation bar, choose New group, and fill in:
- Group name — shown in the URL (e.g. gitlab.com/acme-corp)
- Visibility — Private, Internal, or Public
- Description — short summary of what the group is for
Member Roles — The Five Permission Levels
Every member of a group or project has exactly one role. Each role grants a specific set of capabilities:
| Role | Can Do | Cannot Do |
|---|---|---|
| Guest | View issues, leave comments | Push code, create MRs |
| Reporter | View all content, create issues | Push code, merge |
| Developer | Push to non-protected branches, create MRs | Merge to protected branches, manage settings |
| Maintainer | Merge MRs, manage branches, add members | Delete the project or group |
| Owner | Full control including deletion and billing | Nothing — full access |
How Permissions Inherit
Group: acme-corp → Sara is Maintainer
│
├── Project: website
│ Sara is Maintainer here too (inherited) ✅
│
└── Project: api-server
Sara is Maintainer here too (inherited) ✅
You can INCREASE Sara's role on a specific project
but you cannot DECREASE it below the group level.
If Sara is a Developer at group level, you can make her a Maintainer on one specific project. You cannot make her a Reporter — her group role sets the floor.
Adding Members to a Group
Go to Group → Manage → Members → Invite members. Enter the person's GitLab username or email address, choose their role, and optionally set an expiry date for their access.
Invite: john@company.com Role: Developer Access expires: 2025-03-31 (optional) → John receives an email invitation → After accepting, John has Developer access to all group projects
Access Expiry — Temporary Team Members
Set an expiry date when adding contractors or external reviewers. On the expiry date, GitLab automatically removes their access. No manual cleanup required.
Subgroups — Organising Large Teams
Subgroups let large organisations divide their work into departments without losing the top-level namespace. Each subgroup has its own members, projects, and settings but sits inside the parent group.
Group: university
├── Subgroup: computer-science
│ ├── Project: compiler-course
│ └── Project: os-lab
└── Subgroup: mathematics
├── Project: linear-algebra
└── Project: statistics
A professor added to the computer-science subgroup cannot access the mathematics subgroup unless explicitly invited.
Group-Level Features
Group Issues
View all issues across every project in the group from one place: Group → Issues. Filter by label, assignee, or milestone across all projects simultaneously.
Group Milestones
A group milestone spans multiple projects. A sprint goal that touches both the frontend and backend can be tracked in a single milestone rather than two separate ones.
Group CI/CD Variables
Store secrets like API keys or passwords at the group level. Every project inside the group can read these variables in their CI/CD pipelines without storing the secret in each project separately.
Transferring a Project Between Groups
Go to Project Settings → General → Advanced → Transfer project. Choose the target group. The project's URL changes, but GitLab creates a redirect from the old URL so existing links keep working for a period.
Group Access Requests
Public and internal groups can allow users to request access. An Owner receives a notification and approves or denies the request. Enable this at Group Settings → General → Permissions → Allow users to request access.
Removing a Member
Go to Group → Manage → Members, find the member, click the three-dot menu, and choose Remove member. Their access ends immediately. Issues and commits they created remain intact — removing a member does not delete their past contributions.
Group Badges
Badges are small status images that appear on the group page and every project inside it. A common badge shows the build status or code coverage percentage.
acme-corp group page: ┌─────────────────────────────────────────┐ │ acme-corp │ │ [pipeline: passing ✅] [coverage: 87%] │ └─────────────────────────────────────────┘
Add badges at Group Settings → General → Badges.
