Custom admin roles are now GA

GitLab is introducing granular permissions for the Admin area in GitLab Self-Managed and GitLab Dedicated instances. These custom admin roles allow organizations to implement the principle of least privilege for their instances while maintaining operational efficiency. Similar to custom roles for groups and projects, custom admin roles provide fine-grained permissions to control access to the Admin area.

These granular admin permissions allow organizations to create purpose-built administrative roles instead of granting complete administrator access to users. Potential use cases include:

• Platform Team: Access to runner management, instance monitoring, and performance metrics
• Support Team: Access to user management and troubleshooting workflows
• Leadership Team: Access to dashboards, usage statistics, and licensing

Features

• Granular permissions: Custom permissions let you build a role that fits your needs.
• Instance-level management: Custom admin roles are created and managed centrally.
• LDAP integration: Support for mapping large user sets to roles through directory servers.
• Audit integration: Works with existing Admin mode and audit events.

Mission: Improve software supply chain security

This feature represents a critical step in GitLab's broader mission to improve your software supply chain security. As part of this mission, GitLab has also added custom roles for projects and groups and granular permissions for CI/CD job tokens.

For more information on custom admin roles, see custom roles. Additional permissions are planned for future releases. To share feedback, see the custom roles issue.