Available custom abilities
The following abilities are available. You can add these abilities in any combination
to a base role to create a custom role.
Some abilities require having other abilities enabled first. For example, administration of vulnerabilities (admin_vulnerability) can only be enabled if reading vulnerabilities (read_vulnerability) is also enabled.
These requirements are documented in the Required ability column in the following table.
Code review workflow
| Name
| Required permission
| Description
| Introduced in
| Feature flag
| Enabled in
|
admin_merge_request
|
| Allows approval of merge requests.
| GitLab 16.4
|
|
|
read_code
|
| Allows read-only access to the source code.
| GitLab 15.7
| customizable_roles
| GitLab 15.9
|
Group and projects
| Name
| Required permission
| Description
| Introduced in
| Feature flag
| Enabled in
|
admin_group_member
|
| Allows admin of group members.
| GitLab 16.5
| admin_group_member
| GitLab 16.6
|
Groups and projects
| Name
| Required permission
| Description
| Introduced in
| Feature flag
| Enabled in
|
archive_project
|
| Allows archiving of projects.
| GitLab 16.6
| archive_project
| GitLab 16.7
|
remove_project
|
| Allows deletion of projects.
| GitLab 16.8
|
|
|
Infrastructure as code
| Name
| Required permission
| Description
| Introduced in
| Feature flag
| Enabled in
|
admin_terraform_state
|
| Allows to admin terraform state
| GitLab 16.8
|
|
|
System access
Vulnerability management
| Name
| Required permission
| Description
| Introduced in
| Feature flag
| Enabled in
|
admin_vulnerability
| read_vulnerability
| Allows admin access to the vulnerability reports.
| GitLab 16.1
|
|
|
read_dependency
|
| Allows read-only access to the dependencies.
| GitLab 16.3
|
|
|
read_vulnerability
|
| Allows read-only access to the vulnerability reports.
| GitLab 16.1
|
|
|