How To Add Members In Group And Projects In GitLab Using API
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we discussed how to create groups and subgroups in GitLab.
https://cloudaffaire.com/how-to-create-a-group-and-subgroup-in-gitlab-using-api/
In this blog post, we will discuss how to add members to groups and projects in GitLab. The demo uses the API, as we are taking a programmatic approach to cover most of the demo. We have also provided the console steps, so you can perform the same demo from the GitLab console if you prefer.
What Is GitLab User?
Each GitLab account has a user profile and settings. Your profile contains information about you and your GitLab activity. Your settings allow you to customize some aspects of GitLab to suit yourself. As a GitLab user you’ll have access to all the features your subscription includes. Users have different abilities depending on the access level they have in a particular group or project. If a user is both in a project’s group and the project itself, the highest permission level is used. A user’s permission is defined by the role the user is assigned.
What Is GitLab Role?
A role is the permission boundary a user can have in GitLab. Below is the list of built-in roles available in GitLab.
- Administrator: Provides GitLab instance level admin privileges to a user. Administrator is the highest privilege a user can have in GitLab. GitLab administrator is not available in GitLab.com user accounts and is only available if you have installed and configured your own GitLab server.
- Owner: Provides GitLab group level highest privilege to a user. Every group in GitLab has at least one owner assigned to it and the owner can control all behaviour within that group, subgroups and projects inside that group.
- Maintainer: Provides GitLab project level highest privilege to a user. A maintainer can perform almost all actions available at the project level, except a few that only an owner can perform.
- Developer: Provides less permission than maintainer but more permissions than reporter.
- Reporter: Provides less permission than developer role.
- Guest: Least privilege a user can have in GitLab.
The table below summarizes the current access level for all roles.

| Action | Guest | Reporter | Developer | Maintainer | Owner* | Administrator |
|---|---|---|---|---|---|---|
| Download project | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Leave comments | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Insights charts | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| View approved/blacklisted licenses | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| View License Compliance reports | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Security reports | ✓ (3) | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Dependency list | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| View License list | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| View licenses in Dependency list | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Design Management pages | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| View project code | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Pull project code | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| View GitLab Pages protected by access control | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| View wiki pages | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| See a list of jobs | ✓ (3) | ✓ | ✓ | ✓ | ✓ | ✓ |
| See a job log | ✓ (3) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Download and browse job artifacts | ✓ (3) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create new issue | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| See related issues | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create confidential issue | ✓ (1) | ✓ | ✓ | ✓ | ✓ | ✓ |
| View confidential issues | ✓ (2) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Assign issues |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Label issues |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Set issue weight |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Lock issue threads |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Manage issue tracker |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Manage related issues |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Manage labels |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Create code snippets |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| See a commit status |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| See a container registry |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| See environments |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| See a list of merge requests |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| View project statistics |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Error Tracking list |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Pull from Conan repository, Maven repository, or NPM registry |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Publish to Conan repository, Maven repository, or NPM registry |  |  | ✓ | ✓ | ✓ | ✓ |
| Upload Design Management files |  |  | ✓ | ✓ | ✓ | ✓ |
| Create new branches |  |  | ✓ | ✓ | ✓ | ✓ |
| Push to non-protected branches |  |  | ✓ | ✓ | ✓ | ✓ |
| Force push to non-protected branches |  |  | ✓ | ✓ | ✓ | ✓ |
| Remove non-protected branches |  |  | ✓ | ✓ | ✓ | ✓ |
| Create new merge request |  | ✓ | ✓ | ✓ | ✓ | ✓ |
| Assign merge requests |  |  | ✓ | ✓ | ✓ | ✓ |
| Label merge requests |  |  | ✓ | ✓ | ✓ | ✓ |
| Lock merge request threads |  |  | ✓ | ✓ | ✓ | ✓ |
| Manage/Accept merge requests |  |  | ✓ | ✓ | ✓ | ✓ |
| Create new environments |  |  | ✓ | ✓ | ✓ | ✓ |
| Stop environments |  |  | ✓ | ✓ | ✓ | ✓ |
| Enable Review Apps |  |  | ✓ | ✓ | ✓ | ✓ |
| Add tags |  |  | ✓ | ✓ | ✓ | ✓ |
| Cancel and retry jobs |  |  | ✓ | ✓ | ✓ | ✓ |
| Create or update commit status |  |  | ✓ (5) | ✓ | ✓ | ✓ |
| Update a container registry |  |  | ✓ | ✓ | ✓ | ✓ |
| Remove a container registry image |  |  | ✓ | ✓ | ✓ | ✓ |
| Create/edit/delete project milestones |  |  | ✓ | ✓ | ✓ | ✓ |
| Use security dashboard |  |  | ✓ | ✓ | ✓ | ✓ |
| View vulnerabilities in Dependency list |  |  | ✓ | ✓ | ✓ | ✓ |
| Create issue from vulnerability |  |  | ✓ | ✓ | ✓ | ✓ |
| Dismiss vulnerability |  |  | ✓ | ✓ | ✓ | ✓ |
| Apply code change suggestions |  |  | ✓ | ✓ | ✓ | ✓ |
| Create and edit wiki pages |  |  | ✓ | ✓ | ✓ | ✓ |
| Rewrite/remove Git tags |  |  | ✓ | ✓ | ✓ | ✓ |
| Manage Feature Flags |  |  | ✓ | ✓ | ✓ | ✓ |
| Use environment terminals |  |  |  | ✓ | ✓ | ✓ |
| Run Web IDE’s Interactive Web Terminals |  |  |  | ✓ | ✓ | ✓ |
| Add new team members |  |  |  | ✓ | ✓ | ✓ |
| Enable/disable branch protection |  |  |  | ✓ | ✓ | ✓ |
| Push to protected branches |  |  |  | ✓ | ✓ | ✓ |
| Turn on/off protected branch push for devs |  |  |  | ✓ | ✓ | ✓ |
| Enable/disable tag protections |  |  |  | ✓ | ✓ | ✓ |
| Edit project |  |  |  | ✓ | ✓ | ✓ |
| Add deploy keys to project |  |  |  | ✓ | ✓ | ✓ |
| Configure project hooks |  |  |  | ✓ | ✓ | ✓ |
| Manage Runners |  |  |  | ✓ | ✓ | ✓ |
| Manage job triggers |  |  |  | ✓ | ✓ | ✓ |
| Manage CI/CD variables |  |  |  | ✓ | ✓ | ✓ |
| Manage GitLab Pages |  |  |  | ✓ | ✓ | ✓ |
| Manage GitLab Pages domains and certificates |  |  |  | ✓ | ✓ | ✓ |
| Remove GitLab Pages |  |  |  | ✓ | ✓ | ✓ |
| Manage clusters |  |  |  | ✓ | ✓ | ✓ |
| View Pods logs |  |  |  | ✓ | ✓ | ✓ |
| Manage license policy |  |  |  | ✓ | ✓ | ✓ |
| Edit comments (posted by any user) |  |  |  | ✓ | ✓ | ✓ |
| Manage Error Tracking |  |  |  | ✓ | ✓ | ✓ |
| Delete wiki pages |  |  |  | ✓ | ✓ | ✓ |
| View project Audit Events |  |  |  | ✓ | ✓ | ✓ |
| Manage push rules |  |  |  | ✓ | ✓ | ✓ |
| Switch visibility level |  |  |  |  | ✓ | ✓ |
| Transfer project to another namespace |  |  |  |  | ✓ | ✓ |
| Remove project |  |  |  |  | ✓ | ✓ |
| Delete issues |  |  |  |  | ✓ | ✓ |
| Disable notification emails |  |  |  |  | ✓ | ✓ |
| Force push to protected branches (4) |  |  |  |  |  | ✓ |
| Remove protected branches (4) |  |  |  |  |  | ✓ |
| Administer GitLab Instance |  |  |  |  |  | ✓ |
* Owner permission is only available at the group or personal namespace level (and for instance admins) and is inherited by its projects.
1. Guest users are able to perform this action on public and internal projects, but not private projects.
2. Guest users can only view the confidential issues they created themselves.
3. If Public pipelines are enabled in Project Settings > CI/CD.
4. Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See Protected Branches.
5. If the branch is protected, this depends on the access Developers and Maintainers are given.
Note: Admin privileges for GitLab.com are restricted to the GitLab team and are not covered in this demo.
How To Add Members In Group And Projects In GitLab Using API:
Step 1: Get 2nd user’s user_id.
```bash
##################################################################
## How To Add Members In Group And Projects In GitLab Using API ##
##################################################################

## Prerequisites: 2 GitLab User Accounts
## 1st GitLab User Account With GitLab Access Token (cloudaffaire for this demo)
## https://cloudaffaire.com/how-to-create-a-gitlab-project-using-api/
## 2nd GitLab User Account that you own (debjeettoni for this demo)
## One CentOs system with internet access
## git, curl and jq package installed

## Get the user id of the 2nd GitLab user
## GitLab Console => Account => Settings => Profile => Main settings => User ID
## Replace <your_access_token> with the 1st user's access token in every command
USER2_ID=$(curl -s --request GET --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/users?username=debjeettoni" | jq '.[].id') &&
echo "$USER2_ID"
```
Step 2: Add 2nd user to 1st user’s group and sub-group as a member.
```bash
## ----------------------------------------------
## Add 2nd user as member to the 1st user's group
## ----------------------------------------------

## Create a new group in 1st user account
## GitLab Console => Groups => Your Groups => New Group
## (a JSON request body needs the Content-Type header)
GROUP_ID=$(curl -s --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
--header "Content-Type: application/json" \
--data '{"name": "MyCFGroup1", "path": "mycfgroup1", "description": "group created through api" }' \
"https://gitlab.com/api/v4/groups" | jq '.id')

## Get all members available to the newly created group in 1st user account
## GitLab Console => Groups => Your Groups =>
curl -s --request GET --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/groups/$GROUP_ID/members/all" | jq '.'

## Only 1st user is the member of the group with owner role.

## Add 2nd user as member to the 1st user's group with Developer role
## GitLab Console => Groups => Your Groups =>
curl -s --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/groups/$GROUP_ID/members?user_id=$USER2_ID&access_level=30" | jq '.'

## Get all members available to the newly created group in 1st user account
## GitLab Console => Groups => Your Groups =>
curl -s --request GET --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/groups/$GROUP_ID/members/all" | jq '.'

## 2nd user also added as a member of the group with developer role

## Create a new subgroup inside your group
## GitLab Console => Groups => Your Groups =>
SUB_GROUP_ID=$(curl -s --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
--header "Content-Type: application/json" \
--data '{"name": "MyCFSubGroup", "path": "mycfsubgroup", "description": "subgroup created through api" }' \
"https://gitlab.com/api/v4/groups?parent_id=$GROUP_ID" | jq '.id')

## Get all members available to the newly created sub-group in 1st user account
## GitLab Console => Groups => Your Groups =>
curl -s --request GET --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/groups/$SUB_GROUP_ID/members/all" | jq '.'

## 2nd user inherited the developer role from the group to subgroup
```
Step 3: Remove 2nd user’s membership in 1st user’s group and sub-group.
```bash
## --------------------------------------------------
## Remove 2nd user membership on the 1st user's group
## --------------------------------------------------

## Remove the 2nd user membership in 1st user group
## GitLab Console => Groups => Your Groups =>
curl -s --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/groups/$GROUP_ID/members/$USER2_ID" | jq '.'

## Get all members available to the newly created group in 1st user account
## GitLab Console => Groups => Your Groups =>
curl -s --request GET --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/groups/$GROUP_ID/members/all" | jq '.'

## 2nd user has been removed from the 1st user group membership.
```
Step 4: Add 2nd user to 1st user’s project as a member.
```bash
## ------------------------------------------------
## Add 2nd user as member to the 1st user's project
## ------------------------------------------------

## Create a project inside your subgroup
## GitLab Console => Groups => Your Groups =>
PROJECT_ID=$(curl -s --header "PRIVATE-TOKEN: <your_access_token>" \
-XPOST "https://gitlab.com/api/v4/projects?name=MyCFProject&visibility=private&namespace_id=$SUB_GROUP_ID" | jq '.id')

## Add 2nd user as member to the 1st user's project with Maintainer role
## GitLab Console => Groups => Your Groups =>
curl -s --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/projects/$PROJECT_ID/members?user_id=$USER2_ID&access_level=40" | jq '.'

## Get all members available to the newly created project in 1st user account
## GitLab Console => Groups => Your Groups =>
curl -s --request GET --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/projects/$PROJECT_ID/members/all" | jq '.'

## 2nd user added as a member of the project with maintainer role
```
Step 5: Edit the 2nd user’s membership in 1st user’s project.
```bash
## --------------------------------------------------
## Edit 2nd user membership on the 1st user's project
## --------------------------------------------------

## Edit the 2nd user access level from Maintainer to Reporter in 1st user project
## GitLab Console => Groups => Your Groups =>
curl -s --request PUT --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/projects/$PROJECT_ID/members/$USER2_ID?access_level=20" | jq '.'

## Get all members available to the newly created project in 1st user account
## GitLab Console => Groups => Your Groups =>
curl -s --request GET --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/projects/$PROJECT_ID/members/all" | jq '.'

## 2nd user modified to reporter role from maintainer role
```
Step 6: Cleanup.
```bash
## -------
## Cleanup
## -------

## Remove the 2nd user membership in 1st user project
## GitLab Console => Groups => Your Groups =>
curl -s --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/projects/$PROJECT_ID/members/$USER2_ID" | jq '.'

## Get all members available to the newly created project in 1st user account
## GitLab Console => Groups => Your Groups =>
curl -s --request GET --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/projects/$PROJECT_ID/members/all" | jq '.'

## 2nd user removed from 1st user project membership

## Delete the group
## GitLab Console => Groups => Your Groups =>
## Left navigation pane => Settings => General => Remove group
curl -s --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.com/api/v4/groups/$GROUP_ID" | jq '.'

## Valid Access Levels
## 10 => Guest access
## 20 => Reporter access
## 30 => Developer access
## 40 => Maintainer access
## 50 => Owner access # Only valid for groups
```
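The highest-permission rule and the numeric access levels above can be turned into a membership review. The following is an added example, not part of the original post: it merges a group listing and a project listing, keeps the highest level per user, and reports anyone at Maintainer or above who is not on an approved list. The sample JSON, the `contractor1` user and the function names are constructed for illustration; only the `username` and `access_level` fields of the members API response are relied on.

```python
"""Audit effective GitLab access from membership listings (added example)."""
import json

# Access levels as listed in the post's cleanup script.
ROLES = {10: "Guest", 20: "Reporter", 30: "Developer", 40: "Maintainer", 50: "Owner"}

# Constructed sample data shaped like the JSON arrays returned by
# GET /groups/:id/members and GET /projects/:id/members (direct members only).
GROUP_MEMBERS = json.loads("""[
  {"id": 101, "username": "cloudaffaire", "access_level": 50},
  {"id": 202, "username": "debjeettoni", "access_level": 30}
]""")
PROJECT_MEMBERS = json.loads("""[
  {"id": 202, "username": "debjeettoni", "access_level": 40},
  {"id": 303, "username": "contractor1", "access_level": 20}
]""")


def effective_access(group_members, project_members):
    """Merge group and project membership; the highest level wins per user."""
    merged = {}
    for source, members in (("group", group_members), ("project", project_members)):
        for m in members:
            cur = merged.get(m["username"])
            if cur is None or m["access_level"] > cur["access_level"]:
                merged[m["username"]] = {"access_level": m["access_level"], "via": source}
    return merged


def over_privileged(effective, approved, threshold=40):
    """Return (user, role, source) for users at or above threshold, not approved."""
    return sorted(
        (user, ROLES.get(info["access_level"], str(info["access_level"])), info["via"])
        for user, info in effective.items()
        if info["access_level"] >= threshold and user not in approved
    )


if __name__ == "__main__":
    eff = effective_access(GROUP_MEMBERS, PROJECT_MEMBERS)
    for user, role, via in over_privileged(eff, approved={"cloudaffaire"}):
        print(f"REVIEW: {user} is {role} (granted via {via} membership)")
```

To audit a live group or project, feed it the output of the `members` calls shown in the steps above instead of the inline samples.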
Hope you enjoyed this article. In the next blog post, we will discuss CI/CD in GitLab.
To get more details on GitLab you can follow the below link.
https://docs.gitlab.com/ee/README.html
To get more details on Git, you can follow the link below.
https://cloudaffaire.com/category/devops/git/