Commit aad3a0d4 authored by Mike Jang's avatar Mike Jang

Merge branch 'docs-add-group-members-filtering' into 'master'

Add documentation for filtering and sorting group members

See merge request gitlab-org/gitlab!49988
parents b9a5347a 6c08b0cc
......@@ -211,6 +211,88 @@ To remove a member from a group:
1. (Optional) Select the **Also unassign this user from related issues and merge requests** checkbox.
1. Click **Remove member**.
## Filter and sort members in a group
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21727) in GitLab 12.6.
> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/228675) in GitLab 13.7.
> - Improvements are [deployed behind a feature flag](../feature_flags.md), enabled by default.
> - Improvements are enabled on GitLab.com.
> - Improvements are recommended for production use.
> - For GitLab self-managed instances, GitLab administrators can opt to [disable improvements](#enable-or-disable-improvements-to-the-ability-to-filter-and-sort-group-members). **(CORE ONLY)**
The following sections illustrate how you can filter and sort members in a group. To view these options,
navigate to your desired group, go to **Members**, and include the noted search terms.
### Membership filter
By default, inherited and direct members are displayed. The [membership](subgroups/index.md#membership) filter can be used to display only inherited or only direct members.
#### Only display inherited members
Include `Membership` `=` `Inherited` in the search text box.
![Group members filter inherited](img/group_members_filter_inherited_13_7.png)
#### Only display direct members
Include `Membership` `=` `Direct` in the search text box.
![Group members filter direct](img/group_members_filter_direct_13_7.png)
### 2FA filter
[Owner](../permissions.md#group-members-permissions) permissions required.
By default, members with 2FA enabled and disabled are displayed. The 2FA filter can be used to display only members with 2FA enabled or only members with 2FA disabled.
#### Only display members with 2FA enabled
Include `2FA` `=` `Enabled` in the search text box.
![Group members filter 2FA enabled](img/group_members_filter_2fa_enabled_13_7.png)
#### Only display members with 2FA disabled
Include `2FA` `=` `Disabled` in the search text box.
![Group members filter 2FA disabled](img/group_members_filter_2fa_disabled_13_7.png)
### Search
You can search for members by name, username, or email.
![Group members search](img/group_members_search_13_7.png)
### Sort
You can sort members by **Account**, **Access granted**, **Max role**, or **Last sign-in** in ascending or descending order.
![Group members sort](img/group_members_sort_13_7.png)
### Enable or disable improvements to the ability to filter and sort group members **(CORE ONLY)**
Group member filtering and sorting improvements are deployed behind a feature flag that is **enabled by default**.
[GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md)
can opt to disable the improvements.
To disable them:
```ruby
# For the instance
Feature.disable(:group_members_filtered_search)
# For a single group
Feature.disable(:group_members_filtered_search, Group.find(<group id>))
```
To enable them:
```ruby
# For the instance
Feature.enable(:group_members_filtered_search)
# For a single group
Feature.enable(:group_members_filtered_search, Group.find(<group id>))
```
## Changing the default branch protection of a group
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7583) in GitLab 12.9.
......
......@@ -116,9 +116,9 @@ Follow the same process to create any subsequent groups.
## Membership
When you add a member to a subgroup, they inherit the membership and permission
level from the parent group(s). This model allows access to nested groups if you
have membership in one of its parents.
When you add a member to a group, that member is also added to all subgroups.
Permission level is inherited from the group’s parent. This model allows access to
subgroups if you have membership in one of its parents.
Jobs for pipelines in subgroups can use [runners](../../../ci/runners/README.md) registered to the parent group(s).
This means secrets configured for the parent group are available to subgroup jobs.
......@@ -131,31 +131,23 @@ the **Members** page of the group the member was added.
You can tell if a member has inherited the permissions from a parent group by
looking at the group's **Members** page.
![Group members page](img/group_members.png)
![Group members page](img/group_members_13_7.png)
From the image above, we can deduce the following things:
- There are 5 members that have access to the group `four`.
- User0 is a Reporter and has inherited their permissions from group `one`
- User 0 is a Reporter and has inherited their permissions from group `one`
which is above the hierarchy of group `four`.
- User1 is a Developer and has inherited their permissions from group
- User 1 is a Developer and has inherited their permissions from group
`one/two` which is above the hierarchy of group `four`.
- User2 is a Developer and has inherited their permissions from group
- User 2 is a Developer and has inherited their permissions from group
`one/two/three` which is above the hierarchy of group `four`.
- For User3 there is no indication of a parent group, therefore they belong to
- For User 3 the **Source** column indicates **Direct member**, therefore they belong to
group `four`, the one we're inspecting.
- Administrator is the Owner and member of **all** subgroups and for that reason,
as with User3, there is no indication of an ancestor group.
as with User 3, the **Source** column indicates **Direct member**.
[From](https://gitlab.com/gitlab-org/gitlab/-/issues/21727) GitLab 12.6, you can filter
this list using dropdown on the right side:
![Group members filter](img/group_members_filter_v12_6.png)
- **Show only direct members** displays only Administrator and User3, since these are
the only users that belong to group `four`, which is the one we're inspecting.
- **Show only inherited members** displays User0, User1 and User2, no matter which group
above the hierarchy is the source of inherited permissions.
Members can be [filtered by inherited or direct membership](../index.md#membership-filter).
### Overriding the ancestor group membership
......@@ -169,9 +161,9 @@ Therefore, you cannot reduce a user's permissions in a subgroup with respect to
To override a user's membership of an ancestor group (the first group they were
added to), add the user to the new subgroup again with a higher set of permissions.
For example, if User0 was first added to group `group-1/group-1-1` with Developer
For example, if User 1 was first added to group `one/two` with Developer
permissions, then they inherit those permissions in every other subgroup
of `group-1/group-1-1`. To give them Maintainer access to `group-1/group-1-1/group1-1-1`,
of `one/two`. To give them Maintainer access to group `one/two/three/four`,
you would add them again in that group as Maintainer. Removing them from that group,
the permissions fall back to those of the ancestor group.
......
......@@ -289,6 +289,7 @@ group.
| View Value Stream analytics | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Billing **(FREE ONLY)** | | | | | ✓ (4) |
| View Usage Quotas **(FREE ONLY)** | | | | | ✓ (4) |
| Filter members by 2FA status | | | | | ✓ |
1. Groups can be set to [allow either Owners or Owners and
Maintainers to create subgroups](group/subgroups/index.md#creating-a-subgroup)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment