doc/user/group/manage.md
Use groups to manage one or more related projects at the same time.
[!note] On GitLab Self-Managed, if you want to see an overview of your entire organization, you should create one top-level group. For more information about efforts to create an organization view of all groups, see epic 9266. A top-level group offers insights in your entire organization through a complete Security Dashboard and Center, Vulnerability report, compliance center, and value stream analytics.
You can add a README file to provide information about your team and invite users to contribute to your projects. The README displays on the group overview page. All group members can view and edit the README.
Prerequisites:
To add a group README:
gitlab-profile that contains the README.md file.README.md file.You can change the Owner of a group. Each group must always have at least one human member with the Owner role. Internal users ("bots") and service accounts cannot be the only Owner of a group.
Changing a group's path (group URL) can have unintended side effects. Read how redirects behave for projects and in the API before you proceed.
If you are changing the path so it can be claimed by another group or user, you must rename the group too. Both names and paths must be unique.
To retain ownership of the original namespace and protect the URL redirects, create a new group and transfer projects to it instead.
To change your group path (group URL):
[!warning] It is not possible to rename a namespace if it contains a project with Container Registry tags, because the project cannot be moved.
To ensure that groups with thousands of subgroups get processed correctly, you should test the path change in a test environment. Consider increasing the Puma worker timeout temporarily. For more information about our solution to mitigate this timeout risk, see issue 432065.
The administrator of a GitLab instance can configure default branch protections for all projects in an instance. Groups in that instance inherit the branch protection set at the global level. Group owners can override the instance settings for projects in a group. In GitLab Premium or Ultimate, the administrator of the instance can disable this privilege.
When you create a new project in GitLab, a default branch is created with the first push. The group Owner can customize the initial branch for the group's projects to meet your group's needs.
{{< history >}}
archive_group. Disabled by default.archive_group removed.{{< /history >}}
Archive a group and all of its subgroups and projects. When archived, a group and its contents become read-only, and group data is preserved for future reference.
Additionally, archived groups:
Archived badge on the group pageIssues from archived groups will continue to appear on issue boards until issue 585677 is resolved.
Prerequisites:
To archive a group:
[!note] Archiving a group automatically archives all its subgroups and projects. Individual subgroups or projects within an archived group cannot be unarchived separately.
To archive a group from the Your work list view directly:
This action is also available on other list pages.
Unarchive a group and all of its subgroups and projects. When you unarchive a group:
Prerequisites:
To unarchive a group:
To unarchive a group from the Your work list view directly:
This action is also available on other list pages.
Transfer a group to move it from one location to another in the same GitLab instance. You can:
Prerequisites:
[!note] You cannot transfer a group if it's archived or pending deletion.
To transfer a group:
After you transfer a group, make sure you:
If you need to copy a group to a different GitLab instance, migrate the group by direct transfer.
A group transfer includes:
When transferring a group, keep the following restrictions in mind.
Membership restrictions:
Visibility and access restrictions:
Package and container registry restrictions:
Subscription restrictions:
You can disable all email notifications related to the group, which includes its subgroups and projects.
To disable email notifications:
{{< history >}}
diff_preview_in_email. Disabled by default.diff_preview_in_email removed.{{< /history >}}
When you comment on code in a merge request, GitLab includes a few lines of the diff in the email notification to participants. Some organizational policies treat email as a less secure system, or might not control their own infrastructure for email. This can present risks to IP or access control of source code.
Prerequisites:
To disable diff previews for all projects in a group:
{{< history >}}
pat_expiry_inherited_members_notification. Disabled by default.pat_expiry_inherited_members_notification enabled by default in GitLab 17.10.pat_expiry_inherited_members_notification removed in GitLab 17.11{{< /history >}}
The following group and project members receive notification emails about access tokens that are expiring soon:
You can enable notifications to inherited members of a group:
For more information, see:
{{< history >}}
extended_expiry_webhook_execution_setting. Disabled by default.extended_expiry_webhook_execution_setting removed.{{< /history >}}
GitLab sends multiple expiry emails and triggers a related webhook before a group token expires. By default, these webhooks trigger 7 days before a token expires.
To configure these webhooks to also trigger 60 days and 30 days before a token expires:
You can prevent users from being added to a conversation and getting notified when anyone mentions a group in which those users are members.
Groups with disabled mentions are visualized accordingly in the autocompletion dropdown list.
These visual cues are particularly helpful for groups with many users.
To disable group mentions:
{{< details >}}
{{< /details >}}
{{< history >}}
allow_personal_snippets_setting. Disabled by default.allow_personal_snippets_setting removed.{{< /history >}}
You can prevent enterprise users in your group from creating snippets in their personal namespace. When disabled, enterprise users can still create project snippets, and view and edit their existing personal snippets.
Prerequisites:
To restrict personal snippets for enterprise users:
{{< history >}}
{{< /history >}}
On GitLab.com, you can remove the ability for users to invite new members to subgroups or projects in a top-level group. This also stops group Owners from sending invites. You must disable this setting before you can invite users again.
On GitLab Self-Managed and GitLab Dedicated instances, you can prevent user invitations for the entire instance. For more information, see prevent invitations to a groups and projects.
[!note] Features such as sharing or migrations can still allow access to these subgroups and projects.
Prerequisites:
To prevent invitations to a group:
{{< details >}}
{{< /details >}}
You can export a list of members in a group or subgroup as a CSV.
The output lists direct members and members inherited from the ancestor groups.
For members with Minimal Access in the selected group, their Max Role and Source are derived from their membership in subgroups.
Issue 390358 tracks the discussion about the group members CSV export list not matching the UI members list.
{{< details >}}
{{< /details >}}
{{< history >}}
{{< /history >}}
Use restricted access to prevent overage fees. Overage fees occur when you exceed the number of seats in your subscription, and must be paid at the next quarterly reconciliation.
When you turn on restricted access, groups cannot add new billable users when there are no seats left in the subscription.
[!note] If user cap is enabled for a group that has pending members, when you enable restricted access all pending members are automatically removed from the group.
Prerequisites:
To turn on restricted access:
When you turn on restricted access, the setting to prevent inviting groups outside the group hierarchy is automatically turned on.
You can still independently configure project sharing for the group and its subgroups as needed.
{{< history >}}
bso_minimal_access_fallback. Disabled by default.{{< /history >}}
When restricted access is enabled and no subscription seats are available, users provisioned through SAML, SCIM, or LDAP are assigned the Minimal Access role instead of their configured access level. This behavior ensures that synchronization can continue without consuming billable seats on GitLab.com and Self-Managed Ultimate.
Users with the Minimal Access role can authenticate and access the group, but have limited permissions. When seats become available, they can be promoted to their intended access level. Existing users with billable roles are not affected by this behavior.
You can view seat usage and manage users with Minimal Access.
When you turn on restricted access, the following known issues might occur and result in overages:
Additionally, restricted access might block the standard non-overage flows:
{{< details >}}
{{< /details >}}
{{< history >}}
saas_user_caps removed.{{< /history >}}
For more information about user caps for GitLab Self-Managed, see User cap.
When the number of billable members reaches the user cap, the group Owner must approve new members.
Groups with the user cap feature enabled have group sharing disabled for the group and its subgroups.
[!warning] When you specify a user cap, any members added through group sharing lose access to the group.
Prerequisites:
To set a user cap:
If you already have more users in the group than the user cap value, users are not removed. However, you can't add more without approval.
Increasing the user cap does not approve pending members.
You can remove the user cap, so there is no limit on the number of members you can add to a group.
Prerequisites:
To remove the user cap:
Decreasing the user cap does not approve pending members.
When the number of billable users reaches the user cap, any new member is put in a pending state and must be approved.
Pending members do not count as billable. Members count as billable only after they have been approved and are no longer in a pending state.
Prerequisites:
To approve members that are pending because they've exceeded the user cap:
The user cap cannot be enabled if a group, subgroup, or project is shared externally. If a group, subgroup, or project is shared externally, it is shared outside of the namespace hierarchy, regardless of its level in the hierarchy.
To ensure that the user cap applies when groups, subgroups, or projects are shared externally, restrict group sharing only in the top-level namespace. A top-level namespace restriction allows invitations in the same namespace and prevents new user (seat) additions from external shares.
GitLab.com Ultimate has a known issue where you cannot add guest users to a group when billable users exceed the user cap. For example, suppose you have a user cap of 5, with 3 developers, and 2 guests. After you add 2 more developers, you cannot add any more users, even if they are guest users that don't consume a billable seat.
When you change from user cap to restricted access, all pending members (both members awaiting approval and invited members) are automatically removed. To ensure users are approved as members, you must approve or remove pending members before enabling restricted access.
{{< details >}}
{{< /details >}}
Use group file templates to share a set of templates for common file types with every project in a group. It is analogous to the instance template repository. The selected project should follow the same naming conventions as are documented on that page.
You can only choose projects in the group as the template source. This includes projects shared with the group, but it excludes projects in subgroups or parent groups of the group being configured.
You can configure this feature for both subgroups and immediate parent groups. A project in a subgroup has access to the templates for that subgroup and any immediate parent groups.
To learn how to create templates for issues and merge requests, see description templates.
Define project templates at a group level by setting a group as the template source. For more information, see group-level project templates.
{{< details >}}
{{< /details >}}
To enable group file templates:
{{< details >}}
{{< /details >}}
{{< history >}}
support_group_level_merge_checks_setting. Disabled by default.support_group_level_merge_checks_setting removed.{{< /history >}}
Group Owners can set up merge request checks on a top-level group, which apply to all subgroups and projects.
If the settings are inherited by a subgroup or project, they cannot be changed in the subgroup or project that inherited them.
You can configure all child projects in your group to require a complete and successful pipeline before merge.
See also the project-level setting.
Prerequisites:
To enable this setting:
You can configure skipped pipelines from preventing merge requests from being merged.
See also the project-level setting.
Prerequisites:
To change this behavior:
You can prevent merge requests from being merged until all threads are resolved. When this setting is enabled, child projects in your group display open thread counts in orange on merge requests with at least one open thread.
Prerequisites:
To enable this setting:
{{< details >}}
{{< /details >}}
Group approval settings manage project merge request approval settings for all projects in a top-level group. These settings cascade to all projects that belong to the group.
To view the merge request approval settings for a group:
Approval settings should not be confused with approval rules. Support for the ability to set merge request approval rules for groups is tracked in epic 4367.
{{< details >}}
{{< /details >}}
For a group, you can view how many merge requests, issues, and members were created in the last 90 days.
Changes to group wikis do not appear in group activity analytics.
You can view the most recent actions taken in a group, either in your browser or in an RSS feed:
To view the activity feed in Atom format, select the RSS ({{< icon name="rss" >}}) icon.
{{< details >}}
{{< /details >}}
{{< history >}}
usage_billing_dev. Enabled by default.usage_billing_dev removed in GitLab 18.10.{{< /history >}}
Prerequisites:
To display user data on the GitLab Credits dashboard: