
Member roles API

DETAILS: Tier: Ultimate Offering: GitLab.com, GitLab Self-Managed

Use this API to interact with member roles for your GitLab.com groups or entire self-managed instance.

Manage instance member roles

DETAILS: Tier: Ultimate Offering: GitLab Self-Managed, GitLab Dedicated

Prerequisites:

Get all instance member roles

Get all member roles in an instance.

GET /member_roles

Example request:

curl --header "Authorization: Bearer <your_access_token>" "https://gitlab.example.com/api/v4/member_roles"

Example response:

[
  {
    "id": 2,
    "name": "Instance custom role",
    "description": "Custom guest that can read code",
    "group_id": null,
    "base_access_level": 10,
    "admin_cicd_variables": false,
    "admin_compliance_framework": false,
    "admin_group_member": false,
    "admin_merge_request": false,
    "admin_push_rules": false,
    "admin_terraform_state": false,
    "admin_vulnerability": false,
    "admin_web_hook": false,
    "archive_project": false,
    "manage_deploy_tokens": false,
    "manage_group_access_tokens": false,
    "manage_merge_request_settings": false,
    "manage_project_access_tokens": false,
    "manage_security_policy_link": false,
    "read_code": true,
    "read_runners": false,
    "read_dependency": false,
    "read_vulnerability": false,
    "remove_group": false,
    "remove_project": false
  }
]
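
The response above lends itself to a least-privilege review. The following is an added example, not part of GitLab's documentation: it flags custom roles that pair a low base access level with permissions this example treats as sensitive. The `SENSITIVE` set, the `max_base_level` threshold, and the sample roles are assumptions made for illustration.

```python
import json

# Assumption (this example's own policy, not GitLab's): permissions that let a
# holder change access, mint credentials, touch secrets, or destroy resources.
SENSITIVE = {
    "admin_cicd_variables", "admin_group_member", "admin_push_rules",
    "admin_terraform_state", "admin_web_hook", "manage_deploy_tokens",
    "manage_group_access_tokens", "manage_project_access_tokens",
    "remove_group", "remove_project",
}
# Base access levels as listed in this API's attribute table.
LEVELS = {10: "Guest", 15: "Planner", 20: "Reporter",
          30: "Developer", 40: "Maintainer", 50: "Owner"}


def audit_roles(roles, max_base_level=20):
    """Return (id, name, base, permissions) for each role at or below
    max_base_level that enables a SENSITIVE permission, and for any role
    whose base_access_level is not a known value."""
    findings = []
    for role in roles:
        level = role.get("base_access_level")
        # Only an explicit JSON true counts as granted.
        risky = sorted(k for k, v in role.items() if k in SENSITIVE and v is True)
        if level not in LEVELS:
            findings.append((role["id"], role["name"], "unknown base level", [str(level)]))
        elif level <= max_base_level and risky:
            findings.append((role["id"], role["name"], LEVELS[level], risky))
    return findings


# Constructed sample shaped like the GET /member_roles response (not real data).
SAMPLE = json.loads("""[
  {"id": 2, "name": "Instance custom role", "group_id": null,
   "base_access_level": 10, "read_code": true, "admin_cicd_variables": false},
  {"id": 7, "name": "Guest with tokens", "group_id": null,
   "base_access_level": 10, "read_code": true,
   "manage_project_access_tokens": true, "admin_cicd_variables": true},
  {"id": 9, "name": "Maintainer plus", "group_id": 84,
   "base_access_level": 40, "remove_project": true}
]""")

if __name__ == "__main__":
    for role_id, name, base, perms in audit_roles(SAMPLE):
        print(f"role {role_id} ({name!r}, base {base}): {', '.join(perms)}")
```

To audit a live instance, pass the parsed JSON body of `GET /member_roles` to `audit_roles` in place of `SAMPLE`.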

Create an instance member role

Create an instance-wide member role.

POST /member_roles

Supported attributes:

| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:-------------------------------------|
| `name` | string | yes | The name of the member role. |
| `description` | string | no | The description of the member role. |
| `base_access_level` | integer | yes | Base access level for configured role. Valid values are `10` (Guest), `15` (Planner), `20` (Reporter), `30` (Developer), `40` (Maintainer), or `50` (Owner). |
| `admin_cicd_variables` | boolean | no | Permission to create, read, update, and delete CI/CD variables. |
| `admin_compliance_framework` | boolean | no | Permission to administer compliance frameworks. |
| `admin_group_member` | boolean | no | Permission to add, remove and assign members in a group. |
| `admin_merge_request` | boolean | no | Permission to approve merge requests. |
| `admin_push_rules` | boolean | no | Permission to configure push rules for repositories at group or project level. |
| `admin_terraform_state` | boolean | no | Permission to administer project terraform state. |
| `admin_vulnerability` | boolean | no | Permission to edit the vulnerability object, including the status and linking an issue. |
| `admin_web_hook` | boolean | no | Permission to administer web hooks. |
| `archive_project` | boolean | no | Permission to archive projects. |
| `manage_deploy_tokens` | boolean | no | Permission to manage deploy tokens. |
| `manage_group_access_tokens` | boolean | no | Permission to manage group access tokens. |
| `manage_merge_request_settings` | boolean | no | Permission to configure merge request settings. |
| `manage_project_access_tokens` | boolean | no | Permission to manage project access tokens. |
| `manage_security_policy_link` | boolean | no | Permission to link security policy projects. |
| `read_code` | boolean | no | Permission to read project code. |
| `read_runners` | boolean | no | Permission to view project runners. |
| `read_dependency` | boolean | no | Permission to read project dependencies. |
| `read_vulnerability` | boolean | no | Permission to read project vulnerabilities. |
| `remove_group` | boolean | no | Permission to delete or restore a group. |
| `remove_project` | boolean | no | Permission to delete a project. |

For more information on available permissions, see custom permissions.

Example request:

curl --request POST --header "Content-Type: application/json" --header "Authorization: Bearer <your_access_token>" --data '{"name" : "Custom guest (instance)", "base_access_level" : 10, "read_code" : true}' "https://gitlab.example.com/api/v4/member_roles"

Example response:

{
  "id": 3,
  "name": "Custom guest (instance)",
  "group_id": null,
  "description": null,
  "base_access_level": 10,
  "admin_cicd_variables": false,
  "admin_compliance_framework": false,
  "admin_group_member": false,
  "admin_merge_request": false,
  "admin_push_rules": false,
  "admin_terraform_state": false,
  "admin_vulnerability": false,
  "admin_web_hook": false,
  "archive_project": false,
  "manage_deploy_tokens": false,
  "manage_group_access_tokens": false,
  "manage_merge_request_settings": false,
  "manage_project_access_tokens": false,
  "manage_security_policy_link": false,
  "read_code": true,
  "read_runners": false,
  "read_dependency": false,
  "read_vulnerability": false,
  "remove_group": false,
  "remove_project": false
}

Delete an instance member role

Delete a member role from the instance.

DELETE /member_roles/:member_role_id

Supported attributes:

| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:-------------------------------------|
| `member_role_id` | integer | yes | The ID of the member role. |

If successful, returns 204 and an empty response.

Example request:

curl --request DELETE --header "Content-Type: application/json" --header "Authorization: Bearer <your_access_token>" "https://gitlab.example.com/api/v4/member_roles/1"

Manage group member roles

DETAILS: Tier: Ultimate Offering: GitLab.com

Prerequisites:

  • You must have the Owner role for the group.

Get all group member roles

GET /groups/:id/member_roles

Supported attributes:

| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:-------------------------------------|
| `id` | integer/string | yes | The ID or URL-encoded path of the group. |

Example request:

curl --header "Authorization: Bearer <your_access_token>" "https://gitlab.example.com/api/v4/groups/84/member_roles"

Example response:


### Add a member role to a group

> - Ability to add a name and description when creating a custom role [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/126423) in GitLab 16.3.

Adds a member role to a group. You can only add member roles at the root level of the group.

```plaintext
POST /groups/:id/member_roles
```

Parameters:

| Attribute | Type                | Required | Description |
|:----------|:--------|:---------|:-------------------------------------|
| `id`      | integer/string      | yes      | The ID or [URL-encoded path of the group](rest/index.md#namespaced-paths). |
| `admin_cicd_variables` | boolean | no       | Permission to create, read, update, and delete CI/CD variables. |
| `admin_compliance_framework` | boolean | no       | Permission to administer compliance frameworks. |
| `admin_group_member` | boolean | no       | Permission to add, remove and assign members in a group. |
| `admin_merge_request` | boolean | no       | Permission to approve merge requests. |
| `admin_push_rules` | boolean | no       | Permission to configure push rules for repositories at group or project level. |
| `admin_terraform_state` | boolean | no       | Permission to administer project terraform state. |
| `admin_vulnerability` | boolean | no       | Permission to administer project vulnerabilities. |
| `admin_web_hook` | boolean | no       | Permission to administer web hooks. |
| `archive_project` | boolean | no       | Permission to archive projects. |
| `manage_deploy_tokens` | boolean | no       | Permission to manage deploy tokens. |
| `manage_group_access_tokens` | boolean | no       | Permission to manage group access tokens. |
| `manage_merge_request_settings` | boolean | no       | Permission to configure merge request settings. |
| `manage_project_access_tokens` | boolean | no       | Permission to manage project access tokens. |
| `manage_security_policy_link` | boolean | no       | Permission to link security policy projects. |
| `read_code`           | boolean | no       | Permission to read project code. |
| `read_runners`     | boolean | no       | Permission to view project runners. |
| `read_dependency`     | boolean | no       | Permission to read project dependencies. |
| `read_vulnerability`  | boolean | no       | Permission to read project vulnerabilities. |
| `remove_group` | boolean | no       | Permission to delete or restore a group. |
| `remove_project` | boolean | no       | Permission to delete a project. |

Example request:

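```shell
curl --request POST --header "Content-Type: application/json" --header "Authorization: Bearer <your_access_token>" --data '{"name" : "Custom guest", "base_access_level" : 10, "read_code" : true}' "https://gitlab.example.com/api/v4/groups/84/member_roles"
```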

Example response:


In GitLab 16.3 and later, you can use the API to:

- Add a name (required) and description (optional) when you
  [create a new custom role](../user/custom_roles.md#create-a-custom-role).
- Update an existing custom role's name and description.

### Remove member role of a group

Deletes a member role of a group.

```plaintext
DELETE /groups/:id/member_roles/:member_role_id
```

| Attribute | Type | Required | Description |
|:----------|:--------|:---------|:-------------------------------------|
| `id`      | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-paths). |
| `member_role_id` | integer | yes   | The ID of the member role. |

If successful, returns [`204`](rest/troubleshooting.md#status-codes) and an empty response.

Example request:

```shell
curl --request DELETE --header "Content-Type: application/json" --header "Authorization: Bearer <your_access_token>" "https://gitlab.example.com/api/v4/groups/84/member_roles/1"
```