Subgroups
Introduced in GitLab 9.0.
You can organize GitLab groups into subgroups. You can use subgroups to:
- Separate internal and external organizations. Because every subgroup can have its own visibility level, you can host groups for different purposes under the same parent group.
- Organize large projects. You can use subgroups to give different access to parts of the source code.
- Manage people and control visibility. Give a user a different role for each group they’re a member of.
Subgroups can:
- Belong to one immediate parent group.
- Have many subgroups.
- Be nested up to 20 levels.
- Use runners registered to parent groups:
- Secrets configured for the parent group are available to subgroup jobs.
- Users with the Maintainer role in projects that belong to subgroups can see the details of runners registered to parent groups.
For example:
View subgroups of a group
Prerequisite:
- To view private nested subgroups, you must be a direct or inherited member of the private subgroup.
To view the subgroups of a group:
- On the left sidebar, select Search or go to and find your group.
- Select the Subgroups and projects tab.
- To view a nested subgroup, expand a subgroup in the hierarchy list.
Private subgroups in public parent groups
In the hierarchy list, public groups with a private subgroup have an expand option () for all users that indicate there is a subgroup. When users who are not direct or inherited members of the private subgroup select expand (), the nested subgroup does not display.
If you prefer to keep information about the presence of nested subgroups private, we advise that you add private subgroups only to private parent groups.
Create a subgroup
Prerequisites:
- You must have either:
- At least the Maintainer role for a group to create subgroups for it.
- The role determined by a setting. These users can create subgroups even if group creation is disabled by an Administrator in the user’s settings.
subgroupname.example.io
.To create a subgroup:
- On the left sidebar, select Search or go to and find a parent group for the subgroup.
- On the parent group’s overview page, in the upper-right corner, select New subgroup.
- Select Create group.
- Fill in the fields. View a list of reserved names that cannot be used as group names.
- Select Create group.
Change who can create subgroups
Prerequisite:
- You must have at least the Maintainer role on the group, depending on the group’s setting.
To change who can create subgroups on a group:
- As a user with the Owner role on the group:
- On the left sidebar, select Search or go to and find your group.
- Select Settings > General.
- Expand Permissions and group features.
- Select a role from Roles allowed to create subgroups.
- Select Save changes.
- As an administrator:
- On the left sidebar, select Search or go to.
- Select Admin Area.
- On the left sidebar, select Overview > Groups.
- In the group’s row select Edit.
- Select a role from Allowed to create subgroups.
- Select Save changes.
For more information, view the permissions table.
Subgroup membership
When you add a member to a group, that member is also added to all subgroups. The user’s permissions are inherited from the group’s parent.
Subgroup members can be:
- Direct members of the subgroup.
- Inherited members of the subgroup from the subgroup’s parent group.
- Members of a group that was shared with the subgroup’s top-level group.
Group permissions for a member can be changed only by:
- Users with the Owner role on the group.
- Changing the configuration of the group the member was added to.
Determine membership inheritance
To see if a member has inherited the permissions from a parent group:
- On the left sidebar, select Search or go to and find your group.
- Select Manage > Members.
Members list for an example subgroup Four:
In the screenshot above:
- Five members have access to group Four.
- User 0 has the Reporter role on group Four, and has inherited their permissions from group One:
- User 0 is a direct member of group One.
- Group One is above group Four in the hierarchy.
- User 1 has the Developer role on group Four and inherited their permissions from group Two:
- User 0 is a direct member of group Two, which is a subgroup of group One.
- Groups One / Two are above group Four in the hierarchy.
- User 2 has the Developer role on group Four and has inherited their permissions from group Three:
- User 0 is a direct member of group Three, which is a subgroup of group Two. Group Two is a subgroup of group One.
- Groups One / Two / Three are above group Four the hierarchy.
- User 3 is a direct member of group Four. This means they get their Maintainer role directly from group Four.
- Administrator has the Owner role on group Four and is a member of all subgroups. For that reason, as with User 3, the Source column indicates they are a direct member.
Members can be filtered by inherited or direct membership.
Override ancestor group membership
Users with the Owner role on a subgroup can add members to it.
You can’t give a user a role on a subgroup that’s lower than the roles they have on ancestor groups. To override a user’s role on an ancestor group, add the user to the subgroup again with a higher role. For example:
- If User 1 is added to group Two with the Developer role, they inherit that role in every subgroup of group Two.
- To give User 1 the Maintainer role on group Four (under One / Two / Three), add them again to group Four with the Maintainer role.
- If User 1 is removed from group Four, their role falls back to their role on group Two. They have the Developer role on group Four again.
Mention subgroups
Mentioning subgroups (@<subgroup_name>
) in issues, commits, and merge requests
notifies all direct members of that group. Inherited members of a subgroup are not notified by mentions. Mentioning works the same as for projects and groups, and you can choose the group
of people to be notified.