Available custom permissions
The following permissions are available. You can add these permissions in any combination to a base role to create a custom role.
Some permissions require having other permissions enabled first. For example, administration of vulnerabilities (admin_vulnerability
) can only be enabled if reading vulnerabilities (read_vulnerability
) is also enabled.
These requirements are documented in the Required permission
column in the following table.
Code review workflow
Name | Required permission | Description | Introduced in | Feature flag | Enabled in |
---|---|---|---|---|---|
admin_merge_request |
Allows approval of merge requests. | GitLab 16.4 | |||
read_code |
Allows read-only access to the source code. | GitLab 15.7 | customizable_roles |
GitLab 15.9 |
Group and projects
Name | Required permission | Description | Introduced in | Feature flag | Enabled in |
---|---|---|---|---|---|
admin_group_member |
Allows admin of group members. | GitLab 16.5 | admin_group_member |
GitLab 16.6 |
Groups and projects
Name | Required permission | Description | Introduced in | Feature flag | Enabled in |
---|---|---|---|---|---|
archive_project |
Allows archiving of projects. | GitLab 16.6 | archive_project |
GitLab 16.7 | |
remove_project |
Allows deletion of projects. | GitLab 16.8 |
Infrastructure as code
Name | Required permission | Description | Introduced in | Feature flag | Enabled in |
---|---|---|---|---|---|
admin_terraform_state |
Allows to admin terraform state | GitLab 16.8 |
System access
Name | Required permission | Description | Introduced in | Feature flag | Enabled in |
---|---|---|---|---|---|
manage_group_access_tokens |
Allows manage access to the group access tokens. | GitLab 16.8 | |||
manage_project_access_tokens |
Allows manage access to the project access tokens. | GitLab 16.5 | manage_project_access_tokens |
GitLab 16.8 |
Vulnerability management
Name | Required permission | Description | Introduced in | Feature flag | Enabled in |
---|---|---|---|---|---|
admin_vulnerability |
Allows admin access to the vulnerability reports. | GitLab 16.1 | |||
read_dependency |
Allows read-only access to the dependencies. | GitLab 16.3 | |||
read_vulnerability |
Allows read-only access to the vulnerability reports. | GitLab 16.1 |