Visibility and access controls
GitLab allows administrators to:
- Control access and visibility to GitLab resources including branches and projects.
- Select from which hosting sites code can be imported into GitLab.
- Select the protocols permitted to access GitLab.
- Enable or disable repository mirroring.
- Prevent non-administrators from deleting projects (introduced in GitLab 12.0). (PREMIUM ONLY)
To access the visibility and access control options:
- Log in to GitLab as an admin.
- Go to Admin Area > Settings > General.
- Expand the Visibility and access controls section.
Import sources
Choose from which hosting sites users can import their projects.
Enabled Git access protocols
Introduced in GitLab 8.10.
With GitLab's access restrictions, you can select with which protocols users can communicate with GitLab.
From the Enabled Git access protocols dropdown, select one of the following:
- Both SSH and HTTP(S)
- Only SSH
- Only HTTP(s)
When both SSH and HTTP(S) are enabled, your users can choose either protocol.
When only one protocol is enabled:
- The project page will only show the allowed protocol's URL, with no option to change it.
- A tooltip will be shown when you hover over the URL's protocol, if an action on the user's part is required, e.g. adding an SSH key, or setting a password.
On top of these UI restrictions, GitLab will deny all Git actions on the protocol not selected.
CAUTION: Important: Starting with GitLab 10.7, HTTP(s) protocol will be allowed for git clone/fetch requests done by GitLab Runner from CI/CD Jobs, even if Only SSH was selected.
Note: Please keep in mind that disabling an access protocol does not actually block access to the server itself. The ports used for the protocol, be it SSH or HTTP, will still be accessible. What GitLab does is restrict access on the application level.
Allow mirrors to be set up for projects
Introduced in GitLab 10.3.
This option is enabled by default. By disabling it, both pull and push mirroring will no longer work in every repository and can only be re-enabled by an admin on a per-project basis.