GitLab user for organisation and GitLab user permissions: does it really have to be Owner, and why?


We are using GitLab, GitLab CI and Generally it is working great but there is one thing which is bugging us heavily. The GitLab User who is handling the comments etc. does need to be “Owner” and nothing else is supported.

I am curious why this is the case. So far the only thing I have seen is that the user is commenting on Merge Requests (and this works with the Reporter role too).
The token with API access will still work; the analysis is done via GitLab CI, so there is no need for further information.

Hence we are curious, because we figured out it also works with fewer permissions. So we:

  1. Elevate the permissions of our sonarcloud bot user to Owner
  2. Update the token in
  3. Demote the user to Reporter

We might be missing an edge case or functionality here; it would be good to verify what functionality we might miss with fewer permissions and therefore higher security. (We try to avoid as many Owners as possible.)

Thank you

PS: the warning when adding the token states that the user has to be admin but it actually should be Owner as there is no such role as admin on GitLab SaaS :slight_smile: