2021-01-03 14:25:43 +05:30
---
2021-02-22 17:27:13 +05:30
stage: Enablement
group: Distribution
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2021-01-03 14:25:43 +05:30
---
2019-07-31 22:56:46 +05:30
2021-01-03 14:25:43 +05:30
# Auditor users **(PREMIUM ONLY)**
2019-07-31 22:56:46 +05:30
Auditor users are given read-only access to all projects, groups, and other
resources on the GitLab instance.
## Overview
2021-01-03 14:25:43 +05:30
Auditor users are able to have both full access to their own resources
(including projects, groups, and snippets) and read-only access to _all_ other
resources, except the [Admin Area ](../user/admin_area/index.md ). These user
accounts are regular users who can be added to projects, create personal
snippets, and create milestones on their groups, while also having read-only
access to all projects on the server to which they haven't been explicitly
[given access ](../user/permissions.md ).
2019-07-31 22:56:46 +05:30
The Auditor role is _not_ a read-only version of the Admin role. Auditor users
2021-01-03 14:25:43 +05:30
can't access the project or group settings pages, or the Admin Area.
2019-07-31 22:56:46 +05:30
2021-01-03 14:25:43 +05:30
Assuming you have signed in as an Auditor user:
2019-07-31 22:56:46 +05:30
- For a project the Auditor is not member of, the Auditor should have
2021-01-03 14:25:43 +05:30
read-only access. If the project is public or internal, they have the same
access as users that aren't members of that project or group.
2019-07-31 22:56:46 +05:30
- For a project the Auditor owns, the Auditor should have full access to
everything.
2021-01-03 14:25:43 +05:30
- For a project to which the Auditor is added as a member, the Auditor should
have the same access as their given [permissions ](../user/permissions.md ).
For example, if they were added as a Developer, they can push commits or
comment on issues.
- The Auditor can't view the Admin Area, or perform any admin actions.
2019-07-31 22:56:46 +05:30
For more information about what an Auditor can or can't do, see the
[Permissions and restrictions of an Auditor user ](#permissions-and-restrictions-of-an-auditor-user )
section.
## Use cases
2021-01-03 14:25:43 +05:30
The following use cases describe some situations where Auditor users could be
helpful:
- Your compliance department wants to run tests against the entire GitLab base
to ensure users are complying with password, credit card, and other sensitive
data policies. With Auditor users, this can be achieved very without having
to give them user admin rights or using the API to add them to all projects.
- If particular users need visibility or access to most of all projects in
your GitLab instance, instead of manually adding the user to all projects,
you can create an Auditor user and then share the credentials with those users
to which you want to grant access.
2019-07-31 22:56:46 +05:30
## Adding an Auditor user
2021-01-03 14:25:43 +05:30
To create a new Auditor user:
2019-07-31 22:56:46 +05:30
1. Create a new user or edit an existing one by navigating to
2021-02-22 17:27:13 +05:30
**Admin Area > Users** . The option of the access level is located in
2019-07-31 22:56:46 +05:30
the 'Access' section.
2019-10-12 21:52:04 +05:30
![Admin Area Form ](img/auditor_access_form.png )
2019-07-31 22:56:46 +05:30
2021-01-03 14:25:43 +05:30
1. Select **Save changes** or **Create user** for the changes to take effect.
2019-07-31 22:56:46 +05:30
2021-01-03 14:25:43 +05:30
To revoke Auditor permissions from a user, make them a regular user by
following the previous steps.
2019-07-31 22:56:46 +05:30
## Permissions and restrictions of an Auditor user
An Auditor user should be able to access all projects and groups of a GitLab
2021-01-03 14:25:43 +05:30
instance, with the following permissions and restrictions:
2019-07-31 22:56:46 +05:30
- Has read-only access to the API
- Can access projects that are:
- Private
- Public
- Internal
- Can read all files in a repository
2021-01-03 14:25:43 +05:30
- Can read issues and MRs
2019-07-31 22:56:46 +05:30
- Can read project snippets
- Cannot be Admin and Auditor at the same time
2020-03-13 15:44:24 +05:30
- Cannot access the Admin Area
2021-01-03 14:25:43 +05:30
- In a group or project they're not a member of:
2019-07-31 22:56:46 +05:30
- Cannot access project settings
- Cannot access group settings
- Cannot commit to repository
2021-01-03 14:25:43 +05:30
- Cannot create or comment on issues and MRs
- Cannot create or modify files from the Web UI
2019-07-31 22:56:46 +05:30
- Cannot merge a merge request
- Cannot create project snippets