Moving this from T293741:
@aborrero writes:
I tried creating a subgroup:
https://gitlab.wikimedia.org/repos/cloud/toolforge
I was able to add the WMCS staff group wmf-team-cloud-services to this subgroup:
https://gitlab.wikimedia.org/groups/repos/cloud/toolforge/-/group_members?tab=groups
Perhaps out of scope for this particular ticket, but I was unable to give permissions to volunteer-group-cloud-admin.
Or is there some kind of inheritance from the parent group?
I wrote:
One thing that's non-obvious - and that we should probably try to make extremely clear to folks - is that if you're a member of a parent group, you're a member of all groups it contains. (This is why we aren't using something with hierarchy like people/wmf/team-cloud-services to model things.)
I had expected that this worked the same for groups, and that anyone in both people/wmf-team-cloud-services and people/volunteer-group-cloud-admin should already have been an owner in cloud/toolforge, but I guess maybe this only holds for direct members of a group:
https://docs.gitlab.com/ee/user/group/#share-a-group-with-another-group
I think this looks like the known problem upstream: Group Permission Inheritance not working as intended
I need to read that thread and see whether it seems like there's a workaround, or any intention of changing the behavior. I'm also noting that while I think I have the right mental model of what's going on here, it's late and the day and trying to be sure is giving me a headache, so I should set up a test case and make sure this is the same problem.