summaryrefslogtreecommitdiff
path: root/doc/user/permissions.md
diff options
context:
space:
mode:
authorKamil Trzcinski <ayufan@ayufan.eu>2016-09-21 16:53:27 +0200
committerKamil Trzcinski <ayufan@ayufan.eu>2016-09-22 14:40:08 +0200
commit77271388be56d94abfd44b31a15821107f6aab5b (patch)
tree21fc6af6a00fe75c8509a168c3c907f75b0a67a1 /doc/user/permissions.md
parent88d83e2e6f0089082f5db8841561f09a38d294a1 (diff)
downloadgitlab-ce-77271388be56d94abfd44b31a15821107f6aab5b.tar.gz
Update permissions table
Diffstat (limited to 'doc/user/permissions.md')
-rw-r--r--doc/user/permissions.md29
1 files changed, 23 insertions, 6 deletions
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index 7fc642f8c77..eb5bb43bb55 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -198,14 +198,20 @@ This table shows granted privileges for builds triggered by specific types of us
|---------------------------------------------|-----------------|-------------|----------|--------|
| Run CI build | | ✓ | ✓ | ✓ |
| Clone source and LFS from current project | | ✓ | ✓ | ✓ |
-| Clone source and LFS from other projects | | ✓ [^1] | ✓ [^1] | ✓ [^1] |
-| Push source and LFS to current project | | | | |
-| Push source and LFS to other projects | | | | |
+| Clone source and LFS from public projects | | ✓ | ✓ | ✓ |
+| Clone source and LFS from internal projects | | ✓ [^3] | ✓ [^3] | ✓ |
+| Clone source and LFS from private projects | | ✓ [^4] | ✓ [^4] | ✓ [^4] |
+| Push source and LFS | | | | |
| Pull container images from current project | | ✓ | ✓ | ✓ |
-| Pull container images from other projects | | ✓ [^1] | ✓ [^1] | ✓ [^1] |
+| Pull container images from public projects | | ✓ | ✓ | ✓ |
+| Pull container images from internal projects| | ✓ [^3] | ✓ [^3] | ✓ |
+| Pull container images from private projects | | ✓ [^4] | ✓ [^4] | ✓ [^4] |
| Push container images to current project | | ✓ | ✓ | ✓ |
| Push container images to other projects | | | | |
+[^3]: Only if user is not external one.
+[^4]: Only if user is a member of the project.
+
### Build token
The above gives a question about trustability of build token.
@@ -226,8 +232,19 @@ your runners in most secure possible way, by avoiding using this configurations:
1. Using `shell` executor,
By using in-secure GitLab Runner configuration you allow the rogue developers
-to steal the tokens of other builds. However, this problem existed before,
-but
+to steal the tokens of other builds.
+
+### Debugging problems
+
+It can happen that some of the users will complain that CI builds do fail for them.
+
+It is most likely that your project access other projects sources,
+and the user doesn't have the permissions.
+In the build log look for information about 403 or forbidden access.
+
+You then as Administrator can verify that the user is a member of the group or project,
+and you when impersonated as the user can retry a failing build
+on behalf of the user to verify that everything is correct.
### Before 8.12