►
Description
@mushakov and @gweaver talk about the challenges we need to overcome to provide better planning and permissions experiences within GitLab.
B
C
And
we
talked
about,
I
mean
the
value
in
this
is
that
a
I've
talked
to
a
customer
recently
who
they
manage
separate
instances
so
that
they
can
keep
different
organizations
separate
data
separate,
and
so,
if
I
remember
this
correctly,
this
organization
is
the
way
this.
This
works
in
azure
devops.
Is
there
they're
the
isolation.
A
C
B
B
So
then,
inside
of
that
you
have
project,
so
this
is
like
your
isolation.
Layer,
like
you,
said
right
so
and
then
in
here
you
have
different
projects,
they're,
like
repositories
for
things
right
and
you
can
choose
what
you
enable
in
them
right.
So
this
one's
not
new,
but
you
basically
get
like
a
welcome
screen,
which
basically
you
do
this
right.
So
you
can
say
this
is
boards.
This
is
repo.
This
is
pipelines.
This
test
plans
artifacts
right.
B
The
thing
that's
interesting
about
how
they
do
boards
is
that
I'll
go
back
to
project
settings.
Is
that
basically
how
it
starts
out?
It's
like
you
have
this
big
container
right.
When
you
create
the
project,
you
have
what
they
call
the
default
team,
which
is
just
like.
I
don't
know
in
case
it's
like
one
project,
one
theme
right
and
that's
where
it
ends,
but
you
can
actually
create.
Oh
here,
it's
over
here,
multiple
teams.
So
I
like
created
another
one.
I
can
show
you
what
that
looks
like.
B
B
C
A
C
B
A
A
B
B
B
So
I'll
put
it
here
right
and
save
so
then,
when
you
go
to
boards.
Basically
these
are
team.
Views
of
these
are
like
filtered
views
of
the
entire
project
repository
of
issues,
and
if
I
am
added
to
a
single
team,
then
I
only
see
this
board
right.
I
see
all
of
them
because
I'm
the
admin
here
right,
but
if
yeah,
you
would
see
like
a
filter
view
of
this,
and
this
is
where
you
like.
B
B
A
A
B
B
I
like
this.
I
think
we
definitely
need
to
have
this
higher
level
abstraction
level
of
organization
right,
because
I
think
that
will
make
things
easier
for
us
of
just
having
this
kind
of
special
again
like
a
more
simple
specialized
object
that
all
it
does
is
defines
boundaries
right
kind
of
like
what
we're
doing
with
top
level
groups.
A
B
Something,
that's
nice,
I
don't
understand
yet
how
you
would
get
those
team
level
metrics
like
what
you're
describing
right
or
how
that
would
work.
I
haven't
played
around
with
how
this
basically
ties
into
your
repository
right
like
once.
You
have
issues
and
one
project.
I
don't
know
how
that
ties
into.
B
C
Yeah,
I'm
pretty
sure
that
the
way
it
works
is
that
a
within
an
issue
you
you
reference
a
given
repository
so
like,
if
you
can
look
at
whatever
you
want,
I'm
pretty
sure
that's
how
it
works
is
like
you,
you
more
or
less
like
ref.
This
is
where
the
change
is
being
made
and
here's
like
the
change
requests
and
the
change
request
is
the
issue.
C
B
Yeah,
like
the
permissions
model,
is
very
complicated,
so,
like
a
story
right
is
that
I
was
working
with
a
customer
to
integrate
azure
devops
to
the
product
I
used
to
work
on
and
their
permissions
model
is
actually
super
complicated
because
you
have
like.
I
was
showing
you
like
over
here
in
organizations
right.
You
have
users
here
and
when
they,
you
add
them,
you're
assigning
a
permission
level
here
right
and
then
you're,
adding
them
to
projects.
B
Then
they
have
these
like
groups
here
that
have
permissions
level
associated
with
them
and
then
like
within
the
project.
You
can
have
another
set
of
permissions,
so
there's
like
nesting
levels,
and
we
had.
We
literally
spent
two
weeks
trying
to
create
a
user
that
had
the
right
permission
level
just
because
it
gets
so
confusing
with
how
flexible
it
is.
B
So
that's
something
that
I
do
not
like
yeah
as
far
as
the
project
setup.
The
thing
that's
really
nice
that
they
do
is
like.
Once
you
build
these
queries
and
build,
you
can
build
really
nice
dashboards
I'll
just
do
like,
like
they
have
this
really
nice
sort
of
like
sql
like
ui
right.
So
that's
really
nice
and
then
you
can
like
career
across
projects.
B
B
And
this
is
how
you
get
some
of
those
kind
of
like
team
level
metrics,
but
this
doesn't
solve
for
what
you're
trying
to
solve
for
right,
because
it
also
sort
of
imp.
There's
no
like
explicit
team
assignment
or
anything
like
that
right.
It
derives
all
of
the
metrics
and
everything
based
on
the
location
of
items.
C
Yes,
you
are,
but
you
may
maybe
not,
because
you
will,
if
one
issue
represents
the
change
in
the
repo
the
merge
request,
which
I'm
pretty
sure
that's
how
it
worked
last
time,
I'll
play
with
it
that
merge
request
would
be
mapped
to
the
area
that
the
issue
was,
which
would
be
the
team.
Okay,
every
path
does
that
make
sense.
C
C
Yeah
so
like
let's
say
you
go
to
gabe's
team
in
here
and
you
have
an
issue,
then
you
open
up
a
merge
request
which
I
haven't
gone
through.
We
can
go
through
the
merge
request,
process
and
the
repos
and
just
see
what
it's
like,
but
I'm
pretty
sure
you
can
associate
that
one
merge
request
with
the
issue:
that's
in
gabe's
team.
C
So
you
can
pull
through
that
way
right
now.
Our
our
problem
is
that
we
within
a
project
we
look
at
the
emerge,
requests
and
the
issues,
and
we
assume
that
everything
happens
in
that
one
project,
so
the
reporting,
for
example,
value
stream,
reporting
and
stuff
all
happens
based
on
the
objects
that
are
just
within
that
project.
C
C
Yeah
and
that's
kind
of
where
I
was
talking
about
a
little
bit
too
though,
but
like
given,
let's
use
gitlab
as
an
example.
We
have,
we
have
a
project
or
an
area
path
where
all
of
our
issues
would
live
right,
that's
open
to
the
public
right,
but
that
area
path
that
is
open
to
the
public.
Where
all
the
issue
lives
is
not
my
team
right,
and
so
I
would
need
it
to
live
there
and
then
also
be
able
to
associate
it
to
my
team.
B
C
C
Yes,
by
default,
it
would
be
the
group
or
it
would
be
the
group
wherever
the
thing
where
the
issue
is
created.
Unless
somebody
specifies
something
else
right,
so
they
can
pick
something
else.
When
it's
created
and
more
or
less
say
that
the
team
we
didn't
call
it,
we
could
just
call
it
whatever
we
call
the
container
or
the
thing
the
shared
namespace
type
thing,
and
then
it
would
just
show
up
there.
C
B
C
C
B
B
C
B
C
That's
one
of
the
things
I
liked
about
having
the
repo
separately
here.
Is
it
just
like
you,
don't
really
have
a
choice
but
then
again
like
we
couldn't
use
this
in.
I
think
the
way
it
was
intended
right
within
git
lab
having
like
a
public
issue
tracker
and
all
that
other
stuff,
then
you
would
be
in
the
same
boat
where
we
have
to
come
up
with
like
a
labeling
system.
C
A
B
C
C
A
C
B
B
C
Yeah
or
using
labels,
but
that's
still
you
know
like
if
you
want
to
go
for
like
zero
trust,
then
you
want
to
be
able
to
add
people
to
just
what
they
need
access
to
and
create
the
things
there
and
so
we're
working
on
epics.
Now
we
create
an
epic,
you
can
assign
it
to
a
child
group
which
is
really
small
change,
but
that
way
you
have
flexibility
like
push
things
up
and
down
or
almost
change
the
assignment
of
the
epic.
C
I
think
eventually,
the
same
could
apply
if
you
have,
if
you
create
an
epic
like
in
a
top
level
group,
and
you
want
to
assign
it
to
a
child
group,
you
could
assign
it
to
that
child
group
and
it
would
show
up
in
that
list
without
having
to
move
there.
It's
like
where
something
lives
is
almost
like
less
important
than
who
has
access
to
it
because,
like
you,
would
already
have
like,
if
I'm
in
a
top
level
group-
and
I
created
it
in
the
subgroup-
I
would
already
see
it
and
it
would
roll
up
anyways.
B
A
A
A
B
B
C
C
B
So,
basically,
how
it
works
is,
and
your
journaling
is
pretty
like
close
to
safe,
whereas
you
have
like
a
portfolio
right.
So
these
are
all
different
objects.
You
have
a
portfolio,
you
have
a
program,
you
have
a
team,
an
agile
team
right
and
you
have
work
items
that
align
to
each
of
them
right.
So
teams
works
on
stories,
programs,
work
on
features
and
portfolios,
work
on
epics
and
themes,
and
it's
all
sort
of
like
a
single
hierarchy.
C
B
B
But
jira
epics
are
really
like
safe
features,
they're
not
really
safe,
epics,
which
is
like
a
whole
other
thing
where
it's
like
people
that
use
safe,
don't
like
jira,
because
they
can't
rename
all
their
stuff
to
be
like
safe
right
and
they
spent
like
thousands
of
dollars,
training
everyone.
And
then
it's
like
wrong
in
jira.
A
B
C
Okay
sounds
fun,
so
I
think
we
want
to
have
some
basic
support
for
that,
like
that's,
where
I
think
we're
close
to
having
support
for
that
and
with
we're
gonna,
add
epic
boards
so
that
you
can
do
that
and
stuff,
but
we
don't
want
to
go
safe,
whole
hog
by
any
means.
So
I
know
that's
what
I'm
trying
to
think
about
keeping
things
as
simple
as
possible
and
we're
using
like
small
primitives,
where
applicable
like
if
we
need
to
do
teams
eventually,
so
you
have
specific
permissions
to
different
places.
That's
fine!
C
B
Yeah,
I
think,
that's
the
direction.
I
would
want
to
go
right
if,
if
like,
because
right
now,
just
like
share
the
challenges,
I'm
hearing
about
from
like
the
sales
and
the
tam
teams,
is
that
basically
people
end
up
creating
these,
like
members,
only
groups
right
where
all
of
all
they're
doing
is
creating
like
a
hierarchy
of
users
right
for
permission,
so
they're,
basically
saying
like
these
are
my
admins.
These
are
my
ops
people.
These
are
my
you
know.
Qa
and
sharing
those
groups
to
wherever
is
appropriate
right,
like.
A
B
Repo
access,
but
they
basically
have
like
all
this
stuff
in
those
groups
that
they
don't
need
right.
It's
almost
the
same
as
like
when
people
are
creating
issue
only
groups
and
it's
usability
wise.
It's
weird
right
because
it's
like
oh,
don't
touch
anything.
They
actually
put
it
in
the
description
like
don't
create
issues
here,
don't
create
repos
here,
don't
do
anything
other
than
add
people
and
only
add
them
at
this
layer.
Don't
create
projects
and
add
people
there,
because
that's
not
how
we
want
it
set
up
right.
B
A
C
Well,
one
of
the
things
that
you
could
like:
if,
if
we
reuse
a
small
primitive,
you
could
have
like
a
toggle
that
says
like
this:
is
a
people
only
group
and
like
yes,
just
just
disables
everything
but
like
under
the
hood?
You
don't
have
to
create
this
new
thing.
It
just
is
the
behavior
of
that's
kind
of
how
I
was
envisioning
it.
C
So
that
way,
if
you
want
to
have
a
wiki
only
thing,
you
could
have
a
whole
tree
of
those
and
then
have
like
the
t
people
only
groups
like
be
sent
over
into
there
or
maybe
the
part
of
the
reason
why
I
think
we
have
these
notification.
Only
groups,
people
groups
right
now-
is
because
they
want
to
use
the
notifications
like
at
you
know
so
and
so
team
right.
So
I've
seen
a
bunch
of
those
too
where
it's
like.
This
is
a
team
notification
group.
C
B
Yeah,
actually
that's
a
good
point
like
if
we
had
issues
and
people
group
right.
That
could
essentially
be
like
that
and
we
pulled
issues
from
basically
wherever
that
group
was
assigned.
Let's
say
it
right
to
an
issue,
then
that
would
be
like
your
team's
space
right.
That's
where
you
manage
like
who's
on
your
team
and
what
are
they
working
on.
C
B
You
might,
though,
right
because
if
you
have
I'm
thinking
like
what's
a
use
case
for
a
permissions,
only
group
right,
it
could
be
like
your
auditors,
for
example,
like
you
say,
these
people
have
access
to
everything
right,
so
you
create
a
group,
that's
auditors,
and
then
you
basically
will
add
them
at
the
top
level
and
they
have
access
to
everything,
but
those
others
are
also
part
of
their
own.
Like.
A
C
B
C
A
C
B
B
A
B
C
C
I
guess
just
as
we
continue
to
think
about
it.
The
one
thing
I
want
to
avoid
is
having
it
filter
through
a
bunch
of
stuff
in
a
place
that
has
a
bunch
of
things
that
I
don't
care
about.
Just
so
I
can
see
the
things
that
I
do
care
about,
which
is
what
is
draining
on
me
personally
and
I
think
also
like
a
lot
of
our
users
is
like.
B
C
Yes,
I
would
like
to
get
away
from
that
label
serve
the
purpose
for
some
things,
but
I
think
for
other
things,
we
should
build
in
better
experiences,
so
cool
all
right,
I'll,
open
up
an
issue
to
talk
about
this
more,
let's
get
other
folks
in
the
working
group
involved.
Thank
you
for
your
time.
You're
amazing
and
I
appreciate
the
collaboration.