Gitlab: team member project access levels

GitLab offers the project access levels:

"Guest"
"Reporter"
"Developer"
"Master"

for "team members" co-operating with a specific project.

"Master" and "Guest" are self-explanatory, but the others aren't quite clear to me, in their extents as well as in their granularity.

What is the difference between these levels?

Solution

2013: The project_security_spec.rb test each profile capabilities, which are listed in ability.rb:

(2017 GitLab 10.x: this would be more likely in app/policies/project_policy.rb)

See also, as noted in jdhao's answer: "Project members permissions"

Those rules are quite explicit:

def public_project_rules
  [
    :download_code,
    :fork_project,
    :read_project,
    :read_wiki,
    :read_issue,
    :read_milestone,
    :read_project_snippet,
    :read_team_member,
    :read_merge_request,
    :read_note,
    :write_issue,
    :write_note
  ]
end

def project_guest_rules
  [
    :read_project,
    :read_wiki,
    :read_issue,
    :read_milestone,
    :read_project_snippet,
    :read_team_member,
    :read_merge_request,
    :read_note,
    :write_project,
    :write_issue,
    :write_note
  ]
end

def project_report_rules
  project_guest_rules + [
    :download_code,
    :fork_project,
    :write_project_snippet
  ]
end

def project_dev_rules
  project_report_rules + [
    :write_merge_request,
    :write_wiki,
    :push_code
  ]
end

That means:

a reporter is a guest who can also:
- download code,
- fork a project,
- write project snippet
a developer is a reporter who can also:
- write merge request,
- write wiki pages,
- push code

Note: with GitLab 15.0 (May 2022):

Users with the Reporter role can manage iterations and milestones

We’ve changed the permissions necessary to create, edit, and delete milestones and iterations from the Developer to Reporter role.

This change better reflects the typical day-to-day Reporter responsibilities of managing and tracking planning timeboxes.

See Documentation and Issue.

And GitLab 17.0 (May 2024) adds, still for the Reporter role:

Design Management features extended to Product teams

GitLab is expanding collaboration by updating our permissions. Now, users with the Reporter role can access Design Management features, enabling product teams to engage more directly in the design process. This change simplifies workflows and accelerates innovation by inviting broader participation from across your organization.

See Documentation and Issue.

And, still with GitLab 17.0 (May 2024)

Guests in groups can link issues

We reduced the minimum role required to relate issues and tasks from Reporter to Guest, giving you more flexibility to organize work across your GitLab instance while maintaining permissions.

See Documentation and Epic.

And GitLab 17.7 (December 2024) adds:

New Planner user role

We’ve introduced the new Planner role to give you tailored access to Agile planning tools like epics, roadmaps, and Kanban boards without over-provisioning permissions. This change helps you collaborate more effectively while keeping your workflows secure and aligned with the principle of least privilege.

See Documentation and Issue.