Gitlab Project - Setup an Organization

Use GITLAB to setup an organization

• Tier: Free, Premium, Ultimate

• Offering: GitLab Self-Managed

In GitLab, you set up and manage your company’s GitLab organization by:

• Creating groups, subgroups, and projects.

• Assigning group members different roles in these groups and projects: CISO Central

In this tutorial, you are the IT administrator of a small software company. This company uses GitLab and is divided into marketing, sales, and development divisions.

You have already set up the marketing and sales organizations. In this tutorial, you will set up the software development organization. This organization has the following permanent employees:

• One IT administrator: You.

• One product manager: Alex Smith.

• One engineering manager: Blake Wang.

• Three software developers: Charlie Devi, Devon Ivanov, Evan Kim.

• One UX designer: Frankie Ali.

• One technical writer: Grayson Garcia.

Create the organization parent group and subgroups (https://gitlab.com/follo-central-group)

You first create a group, Development, to serve as the parent group for the whole software development organization.

1. Open GitLab Self-Managed.

2. On the left sidebar, at the top, select Create new (  ) and New group.

3. Select Create group.

4. In Group name, enter CISO Central.

5. Enter ciso-central-group for the group in Group URL. You see a message saying “Group path is available”. The group URL is used for the namespace.

6. For visibility level, make the group Private. This means any subgroups of this group must be private as well.

7. Personalize your GitLab experience by answering the following questions:

   • For Role, select Development Team Lead. This role is different to the roles that affect member permissions.

   • For Who will be using this group?, select My company or team.

   • For What will you use this group for?, select I want to store my code.

8. Do not invite any GitLab members or other users to join the group yet.

9. Select Create group.

Create the organization subgroups

For this tutorial, we assume that Development is organized into the following working areas:

• Product Management.

• Engineering.

• User Experience.

  • UX Design.

  • Technical Writing.

You will now create subgroups to reflect this organization structure.

Subgroups and projects must have visibility settings that are at least as restrictive as the visibility setting of their parent group. For example, you cannot have a private parent group and a public subgroup.

1. On the left sidebar, select Search or go to.

2. Select View all my groups.

3. Select Development. You should see an Owner label next to the group name as you have the Owner role.

4. On the parent group’s overview page, in the upper-right corner, select New subgroup.

5. In Subgroup name, enter Product Management.

6. The Subgroup slug is automatically completed with product-management. Do not change this field.

7. For Visibility level, you can only select Private because the parent group, Development, is also private.

8. Select Create subgroup.

9. Repeat for the following subgroups:

   • Engineering.

   • User Experience.

     • UX Design.

     • Technical Writing.

UX Design and Technical Writing are subgroups nested in the User Experience subgroup.

Add users to the subgroups

You will now add users directly to the different subgroups.

Add users to the Product Management subgroup

1. On the left sidebar, select Search or go to and find the Development group.

2. Select the Product Management subgroup.

3. On the left sidebar, select Subgroup information > Members.

Excluding you, Alex is the only member of this subgroup and is a direct member, which is correct. However, you believe they should have the Maintainer role instead of the Owner role.

Change user role in the subgroup

You cannot change their role directly on the members page. To change their role in the subgroup, invite them to the subgroup as a Maintainer.

1. Select Invite members.

2. Complete the fields for the product manager, Alex Smith.

   • Give Alex the Maintainer role.

   • Leave Access expiration date blank.

3. Select Invite.

You will see the following message:

Copy to clipboard

The following member couldn't be invited

Review the invite errors and try again:

- Alex Smith: Access level should be greater than or equal to Owner inherited membership from group Development

You cannot give Alex a subgroup role with an access level less than their role for the subgroup’s parent group, as they have an inherited membership from the parent group.

You decide to keep Alex as an Owner in this subgroup as it is appropriate given their role for the organization. Select Cancel to cancel this invite.

The Product Management subgroup has the correct members and roles. Next you will add users to the Engineering subgroup.

Add users to the Engineering subgroup

You are now going to invite some users to the Engineering subgroup.

1. On the left sidebar, select Search or go to and find the Development group.

2. Select the Engineering subgroup.

3. On the left sidebar, select Subgroup information > Members. The only members are you and Alex, both with the Owner role. These are inherited roles.

4. Select Invite members.

5. Complete the fields for the following members:

User

Role

Access expiration date

Blake Wang

Maintainer

Leave blank

Charlie Devi

Developer

Leave blank

Devon Ivanov

Developer

Leave blank

Evan Kim

Developer

Leave blank

6. 
   Select Invite.
   Blake Wang has the Maintainer role in this subgroup, in line with their responsibilities as engineering manager. The three developers all have the Developer role. These are direct roles.

7. You can change their roles directly on this subgroup’s member page. Change Blake Wang to an Owner for this subgroup.

8. Go back to the Development group’s member page. You see that the members of the Engineering subgroup are not members of the parent group.

By adding users directly to the groups and subgroups they need to be members of, you avoid the issue of users being members of groups unnecessarily. You can control access to different groups and projects in a more precise way.

Add users to the User Experience subgroup

The User Experience subgroup has two further nested subgroups:

• UX Design.

• Technical Writing.

In terms of users, UX Design should only include Frankie Ali and Hunter Silva, and Technical Writing should only include Grayson Garcia.

If you add all three users to the User Experience subgroup, they will all be included in both nested subgroups due to inherited permissions.

Therefore, you will add these users to the appropriate nested subgroup directly rather than to the User Experience subgroup.

1. On the left sidebar, select Search or go to and find the Development group.

2. Select the User Experience subgroup, and then the UX Design subgroup.

3. On the left sidebar, select Subgroup information > Members. You and Alex Smith are currently the only members. These are inherited roles.

4. Select Invite members.

5. Complete the fields and select Invite for the following members:

User

Role

Access expiration date

Frankie Ali

Maintainer

Leave blank

Hunter Silva

Guest

2025-12-31

6. 
   Repeat for the Technical Writing subgroup:

User

Role

Access expiration date

Grayson Garcia

Maintainer

Leave blank

You have added the users to their appropriate nested subgroups. You decide that Grayson Garcia should be in the User Experience subgroup as well.

Create a project

Now, let’s assume that you have a piece of work that certain members of your organization need to work on, and that piece of work is for the whole organization. To organize that work, you are going to create a project in the Development parent group, and add different users to that project.

1. On the left sidebar, select Search or go to and find the Development group.

2. Select Create new (  ) and New project/repository.

3. Select Create blank project.

4. Enter the project details:

   • In the Project name field, enter Release 2.0 as the name of your project.

   • Leave the Project slug field as is, which is based on the project name.

   • To modify the project’s viewing and access rights for users, you can change the Visibility Level. Given that the parent group is private, the project can only be Private as well.

   • To create a README file so that the Git repository is initialized, has a default branch, and can be cloned, select the Initialize repository with a README checkbox.

   • To analyze the source code in the project for known security vulnerabilities, select the Enable Static Application Security Testing (SAST) checkbox.

5. Select Create project.

You have now created a project in the parent group.

In this project, go to Manage > Members.

The existing members of the parent group (you and Alex) are already members of this project because when your project belongs to a group, project members inherit their role from the group.

There are other users that need to be part of this project. You will now add users directly to the project.