Page MenuHomePhabricator

Add GitLab to offboarding workflow
Open, MediumPublic

Description

GitLab offers access to certain repositories and groups. Some groups can give additional privileges. When people leave teams/roles, we have to make sure to review this groups and remove access, if needed.

We should create some documentation what has to be done in GitLab to review a users privileges and groups. Documentation should make sense here https://wikitech.wikimedia.org/wiki/SRE_Offboarding.

If possible, a cookbook or automatic sync (with ldap?) should be preferred over manually configuring GitLab.

Example of "Groups and projects" page in GitLab admin menu: https://gitlab.wikimedia.org/admin/users/jelto/projects (admin access required P16962)

Related Objects

Event Timeline

Change 931286 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/alerts@master] sre: add gitlab ci alerts

https://gerrit.wikimedia.org/r/931286

Jelto triaged this task as Medium priority.Jun 19 2023, 2:52 PM

^ sorry wrong Bug: in change.

LDAP sync is now implemented but some manual permissions remain in place so this is still a valid request.