►
Description
@mushakov and @gweaver talk about the challenges we need to overcome to provide better planning and permissions experiences within GitLab.
B
C
And
we
talked
about,
I
mean
the
value
in
this
is
that
a
I've
talked
to
a
customer
recently
who
they
manage
separate
instances
so
that
they
can
keep
different
organizations
separate
data
separate,
and
so,
if
I
remember
this
correctly,
this
organization
is
the
way
this.
This
works
in
azure
devops.
Is
there
they're
the
isolation.
A
C
I
also
think
it
would
be
good
if
we
had
this
so
that
you
could
have
users
belong
to
organizations
instead
of
to
the
instance
and
I'll
have
a
lot
of
settings
that,
especially
for
cloud
that
are
stuck
in
the
instance
configuration
be
available
in
the
organization
configuration.
So
I.
B
Yeah-
and
these
are
things
that
we
like
try
to
have
the
top
level
group
do
right,
but
it's
like
we're
doing
this
already,
but
we're
just
kind
of
mixing
it
with
group
and
applying
special
rules
to
like
a
group,
that's
top
level.
So
this
would
just
be
kind
of
formalizing
that
in
a
way.
B
So
then,
inside
of
that
you
have
project,
so
this
is
like
your
isolation.
Layer,
like
you,
said
right
so
and
then
in
here
you
have
different
projects,
they're,
like
repositories
for
things
right
and
you
can
choose
what
you
enable
in
them
right.
So
this
one's
not
new,
but
you
basically
get
like
a
welcome
screen,
which
basically
you
do
this
right.
So
you
can
say
this
is
boards.
This
is
repo.
This
is
pipelines.
This
test
plans
artifacts
right.
B
B
The
thing
that's
interesting
about
how
they
do
boards
is
that
I'll
go
back
to
project
settings.
Is
that
basically
how
it
starts
out?
It's
like
you
have
this
big
container
right.
When
you
create
the
project,
you
have
what
they
call
the
default
team,
which
is
just
like.
I
don't
know
in
case
it's
like
one
project,
one
theme
right
and
that's
where
it
ends,
but
you
can
actually
create.
Oh
here,
it's
over
here,
multiple
teams.
So
I
like
created
another
one.
I
can
show
you
what
that
looks
like.
B
So
you
can
assign
permissions
to
it
right,
so
you
can
say
these
people
are
readers.
These
people
are
administrators
and
there's
like
these
are
basically
baked
in
roles.
I
could
send
you
a
documentation
for
that.
B
C
A
C
B
A
B
B
B
So
I'll
put
it
here
right
and
save
so
then,
when
you
go
to
boards.
Basically
these
are
team.
Views
of
these
are
like
filtered
views
of
the
entire
project
repository
of
issues,
and
if
I
am
added
to
a
single
team,
then
I
only
see
this
board
right.
I
see
all
of
them
because
I'm
the
admin
here
right,
but
if
yeah,
you
would
see
like
a
filter
view
of
this,
and
this
is
where
you
like.
B
B
B
And
then
one
thing
I
haven't
looked
at
is
reporting
to
go
back
to
your
question
of
like
how
do
I
see
team
specific
analytics
right.
A
A
C
Don't
know
I
remember
this
yeah
we
can
look
at
it.
B
What
I
think
works
well
is
that
you're
separating
the
repository
aspect
from
the
permissions
aspect,
so
basically
what
what
they
have
is
you're,
basically
creating
paths,
containers
for
issues
and
repos,
and
all
that
right
and
separately
right
within
organizations.
B
B
I
like
this.
I
think
we
definitely
need
to
have
this
higher
level
abstraction
level
of
organization
right,
because
I
think
that
will
make
things
easier
for
us
of
just
having
this
kind
of
special
again
like
a
more
simple
specialized
object
that
all
it
does
is
defines
boundaries
right
kind
of
like
what
we're
doing
with
top
level
groups.
B
Then
the
thing
that's
nice
for
you
with
this
is
I
started
playing
around
with
some
of
the
scenarios
like
cross
project
linking
of
items
right.
A
B
Because
you
have
this
higher
level
abstraction
level
at
the
organization,
you
can
allow
issues
to
sort
of
like
commingle
within
that
organization
right,
so
you
can
have
an
epic
in
one
project
that
has
issues.
B
Something,
that's
nice,
I
don't
understand
yet
how
you
would
get
those
team
level
metrics
like
what
you're
describing
right
or
how
that
would
work.
I
haven't
played
around
with
how
this
basically
ties
into
your
repository
right
like
once.
You
have
issues
and
one
project.
I
don't
know
how
that
ties
into.
B
C
Yeah,
I'm
pretty
sure
that
the
way
it
works
is
that
a
within
an
issue
you
you
reference
a
given
repository
so
like,
if
you
can
look
at
whatever
you
want,
I'm
pretty
sure
that's
how
it
works
is
like
you,
you
more
or
less
like
ref.
This
is
where
the
change
is
being
made
and
here's
like
the
change
requests
and
the
change
request
is
the
issue.
C
I
don't
know
if
that
shows
up
in
the
repo
view,
but
out
of
all
of
the
the
enterprise
level
tools
that
I
was
tested
when
I
started
at
gitlab,
this
is
one
that
had
the
best
flexibility.
I
think
for
some
of
that,
while
also
like
being
incredibly
complicated
a
little
bit.
B
Yeah,
like
the
permissions
model,
is
very
complicated,
so,
like
a
story
right
is
that
I
was
working
with
a
customer
to
integrate
azure
devops
to
the
product
I
used
to
work
on
and
their
permissions
model
is
actually
super
complicated
because
you
have
like.
I
was
showing
you
like
over
here
in
organizations
right.
You
have
users
here
and
when
they,
you
add
them,
you're
assigning
a
permission
level
here
right
and
then
you're,
adding
them
to
projects.
B
Then
they
have
these
like
groups
here
that
have
permissions
level
associated
with
them
and
then
like
within
the
project.
You
can
have
another
set
of
permissions,
so
there's
like
nesting
levels,
and
we
had.
We
literally
spent
two
weeks
trying
to
create
a
user
that
had
the
right
permission
level
just
because
it
gets
so
confusing
with
how
flexible
it
is.
B
So
that's
something
that
I
do
not
like
yeah
as
far
as
the
project
setup.
The
thing
that's
really
nice
that
they
do
is
like.
Once
you
build
these
queries
and
build,
you
can
build
really
nice
dashboards
I'll
just
do
like,
like
they
have
this
really
nice
sort
of
like
sql
like
ui
right.
So
that's
really
nice
and
then
you
can
like
career
across
projects.
B
B
And
this
is
how
you
get
some
of
those
kind
of
like
team
level
metrics,
but
this
doesn't
solve
for
what
you're
trying
to
solve
for
right,
because
it
also
sort
of
imp.
There's
no
like
explicit
team
assignment
or
anything
like
that
right.
It
derives
all
of
the
metrics
and
everything
based
on
the
location
of
items.
B
But
if
I'm,
if
you
have
a
shared
team,
a
shared
repo
with
them,
you
would
run
into
the
same
issue
that
we
have.
C
Yes,
you
are,
but
you
may
maybe
not,
because
you
will,
if
one
issue
represents
the
change
in
the
repo
the
merge
request,
which
I'm
pretty
sure
that's
how
it
worked
last
time,
I'll
play
with
it
that
merge
request
would
be
mapped
to
the
area
that
the
issue
was,
which
would
be
the
team.
Okay,
every
path
does
that
make
sense.
C
C
Yeah
so
like
let's
say
you
go
to
gabe's
team
in
here
and
you
have
an
issue,
then
you
open
up
a
merge
request
which
I
haven't
gone
through.
We
can
go
through
the
merge
request,
process
and
the
repos
and
just
see
what
it's
like,
but
I'm
pretty
sure
you
can
associate
that
one
merge
request
with
the
issue:
that's
in
gabe's
team.
C
So
you
can
pull
through
that
way
right
now.
Our
our
problem
is
that
we
within
a
project
we
look
at
the
emerge,
requests
and
the
issues,
and
we
assume
that
everything
happens
in
that
one
project,
so
the
reporting,
for
example,
value
stream,
reporting
and
stuff
all
happens
based
on
the
objects
that
are
just
within
that
project.
C
So
if
I
have
my
team,
gabe's
team
and
I
go
and
open
a
merge
request
and
a
repo
there's
no
way
to
pull
that
data
back
into
map
it
to
my
area
path,
if
that
makes
sense,
we
could
figure
out
how
to
solve
that.
I
think
fairly
easily.
C
Yeah
and
that's
kind
of
where
I
was
talking
about
a
little
bit
too
though,
but
like
given,
let's
use
gitlab
as
an
example.
We
have,
we
have
a
project
or
an
area
path
where
all
of
our
issues
would
live
right,
that's
open
to
the
public
right,
but
that
area
path
that
is
open
to
the
public.
Where
all
the
issue
lives
is
not
my
team
right,
and
so
I
would
need
it
to
live
there
and
then
also
be
able
to
associate
it
to
my
team.
B
C
C
Yes,
by
default,
it
would
be
the
group
or
it
would
be
the
group
wherever
the
thing
where
the
issue
is
created.
Unless
somebody
specifies
something
else
right,
so
they
can
pick
something
else.
When
it's
created
and
more
or
less
say
that
the
team
we
didn't
call
it,
we
could
just
call
it
whatever
we
call
the
container
or
the
thing
the
shared
namespace
type
thing,
and
then
it
would
just
show
up
there.
C
The
only
the
thing
that
gets
complicated
is
what,
if
I
am
in
my
my
repo,
which
is
like
the
shared
place,
and
it
has
a
given
set
of
milestones
that
are
there
and
people
who
can
see
things,
and
then
I
have
my
team
area
path
that
only
my
team
has
access
to
and
we
put
a
set
an
attribute
on
that
issue.
C
B
C
C
B
B
C
B
C
That's
one
of
the
things
I
liked
about
having
the
repo
separately
here.
Is
it
just
like
you,
don't
really
have
a
choice
but
then
again
like
we
couldn't
use
this
in.
I
think
the
way
it
was
intended
right
within
git
lab
having
like
a
public
issue
tracker
and
all
that
other
stuff,
then
you
would
be
in
the
same
boat
where
we
have
to
come
up
with
like
a
labeling
system.
C
That
sort
of
thing.
The
other
thing
I
like
about
this
is
separating
pipelines
out
from
repos,
because
pipelines
like
you
might
only
want
to
define
one
pipeline
that
processes
all
of
your
different
repos
right.
A
C
A
a
your
pipelines
or
just
your
boards,
if
you
want-
and
we
should
talk
to
cic
folks
about
what
it
would
look
like
if
they
want
to
have
pipelines
that
can
impact
many
children
because,
like
what
I
could
end
up
seeing
is
then
you
have
like
one
hierarchy:
that's
all
your
repositories
and
then
you
could
set
up
like
roles
for
your
pipelines
at
the
very
top
level
name,
space
type
thing
that
then
all
the
children,
repose
inherit
or
something
there's
a
lot
of
cool
things
that
you
could
do
in
terms
of,
like
nesting,
that
stuff
together.
B
Oh
yeah,
that's
something
that's
interesting.
They
don't
have
nesting
rules,
so
that's
something
that
we
definitely
have
an
advantage
over
like
everything
is
flat.
C
A
C
Yep
all
right,
so
that's
the
access
problem
or
permissions
problem,
because
I
think
in
my
video
I
also
showed
how
right
now
it
works.
C
But
I
think
that
would
I
it's
a
weird
fringe
case,
but
more
and
more
organizations
I'm
talking
to
have
like
the
shared
services
projects
where
everybody
contributes
like
what
they
call
intersourcing
and
then
they
have
all
their
like
teams
where
they
work
on
all
the
stuff
that
they've
been
assigned
and
the
house
set
for
repos
over
there
for
that
they
pull
all
the
share
packages
into
so.
C
B
Believe
it
was
a
sales
person
sent
to
you,
which
was
you
have
sort
of
like
a
department
right
and
within
the
department
you
have
teams
and
to
cover
the
higher
level.
Epic
completely.
B
C
Yeah
or
using
labels,
but
that's
still
you
know
like
if
you
want
to
go
for
like
zero
trust,
then
you
want
to
be
able
to
add
people
to
just
what
they
need
access
to
and
create
the
things
there
and
so
we're
working
on
epics.
Now
we
create
an
epic,
you
can
assign
it
to
a
child
group
which
is
really
small
change,
but
that
way
you
have
flexibility
like
push
things
up
and
down
or
almost
change
the
assignment
of
the
epic.
C
I
think
eventually,
the
same
could
apply
if
you
have,
if
you
create
an
epic
like
in
a
top
level
group,
and
you
want
to
assign
it
to
a
child
group,
you
could
assign
it
to
that
child
group
and
it
would
show
up
in
that
list
without
having
to
move
there.
It's
like
where
something
lives
is
almost
like
less
important
than
who
has
access
to
it
because,
like
you,
would
already
have
like,
if
I'm
in
a
top
level
group-
and
I
created
it
in
the
subgroup-
I
would
already
see
it
and
it
would
roll
up
anyways.
B
A
B
Yeah,
it's
almost
the
same
problem,
but
just
slightly
different
right,
because
it's
but
it's
yeah,
the
location
is
one
kind
of
facet
of
it
and
then
the
access
and
basically
how
you
time
together
is
another.
A
C
Yeah,
did
you
look
at
jira
at
all
or
what
they
were
doing.
A
B
So
they
also
have
the
concept
of
an
organization
on
cloud
at
least.
B
B
C
C
B
So,
basically,
how
it
works
is,
and
your
journaling
is
pretty
like
close
to
safe,
whereas
you
have
like
a
portfolio
right.
So
these
are
all
different
objects.
You
have
a
portfolio,
you
have
a
program,
you
have
a
team,
an
agile
team
right
and
you
have
work
items
that
align
to
each
of
them
right.
So
teams
works
on
stories,
programs,
work
on
features
and
portfolios,
work
on
epics
and
themes,
and
it's
all
sort
of
like
a
single
hierarchy.
C
B
B
But
jira
epics
are
really
like
safe
features,
they're
not
really
safe,
epics,
which
is
like
a
whole
other
thing
where
it's
like
people
that
use
safe,
don't
like
jira,
because
they
can't
rename
all
their
stuff
to
be
like
safe
right
and
they
spent
like
thousands
of
dollars,
training
everyone.
And
then
it's
like
wrong
in
jira.
A
B
C
Okay
sounds
fun,
so
I
think
we
want
to
have
some
basic
support
for
that,
like
that's,
where
I
think
we're
close
to
having
support
for
that
and
with
we're
gonna,
add
epic
boards
so
that
you
can
do
that
and
stuff,
but
we
don't
want
to
go
safe,
whole
hog
by
any
means.
So
I
know
that's
what
I'm
trying
to
think
about
keeping
things
as
simple
as
possible
and
we're
using
like
small
primitives,
where
applicable
like
if
we
need
to
do
teams
eventually,
so
you
have
specific
permissions
to
different
places.
That's
fine!
C
B
Yeah,
I
think,
that's
the
direction.
I
would
want
to
go
right
if,
if
like,
because
right
now,
just
like
share
the
challenges,
I'm
hearing
about
from
like
the
sales
and
the
tam
teams,
is
that
basically
people
end
up
creating
these,
like
members,
only
groups
right
where
all
of
all
they're
doing
is
creating
like
a
hierarchy
of
users
right
for
permission,
so
they're,
basically
saying
like
these
are
my
admins.
These
are
my
ops
people.
These
are
my
you
know.
Qa
and
sharing
those
groups
to
wherever
is
appropriate
right,
like.
A
B
Repo
access,
but
they
basically
have
like
all
this
stuff
in
those
groups
that
they
don't
need
right.
It's
almost
the
same
as
like
when
people
are
creating
issue
only
groups
and
it's
usability
wise.
It's
weird
right
because
it's
like
oh,
don't
touch
anything.
They
actually
put
it
in
the
description
like
don't
create
issues
here,
don't
create
repos
here,
don't
do
anything
other
than
add
people
and
only
add
them
at
this
layer.
Don't
create
projects
and
add
people
there,
because
that's
not
how
we
want
it
set
up
right.
B
A
C
Well,
one
of
the
things
that
you
could
like:
if,
if
we
reuse
a
small
primitive,
you
could
have
like
a
toggle
that
says
like
this:
is
a
people
only
group
and
like
yes,
just
just
disables
everything
but
like
under
the
hood?
You
don't
have
to
create
this
new
thing.
It
just
is
the
behavior
of
that's
kind
of
how
I
was
envisioning
it.
C
So
that
way,
if
you
want
to
have
a
wiki
only
thing,
you
could
have
a
whole
tree
of
those
and
then
have
like
the
t
people
only
groups
like
be
sent
over
into
there
or
maybe
the
part
of
the
reason
why
I
think
we
have
these
notification.
Only
groups,
people
groups
right
now-
is
because
they
want
to
use
the
notifications
like
at
you
know
so
and
so
team
right.
So
I've
seen
a
bunch
of
those
too
where
it's
like.
This
is
a
team
notification
group.
C
That's
the
only
reason
they
use
it
for
notifications,
but
they
would
use
it
for
issues
if
they
could
have
issues
in
other
places
show
up
there,
but
since
they
can't
they
say,
don't
create
issues
here,
because
all
of
our
issue
management
happens
over
here,
where
we
don't
have
that.
So.
B
Yeah,
actually
that's
a
good
point
like
if
we
had
issues
and
people
group
right.
That
could
essentially
be
like
that
and
we
pulled
issues
from
basically
wherever
that
group
was
assigned.
Let's
say
it
right
to
an
issue,
then
that
would
be
like
your
team's
space
right.
That's
where
you
manage
like
who's
on
your
team
and
what
are
they
working
on.
C
Yeah
trying
to
think
of
like
if
you
had
one
just
for
different
permissions
levels
and
then
one
that
is
like
your
team's
hierarchy
and
then
one
that
is
your
repos,
your
other
resources
that
could
get
a
little
complicated.
But
I
don't
know.
B
You
might,
though,
right
because
if
you
have
I'm
thinking
like
what's
a
use
case
for
a
permissions,
only
group
right,
it
could
be
like
your
auditors,
for
example,
like
you
say,
these
people
have
access
to
everything
right,
so
you
create
a
group,
that's
auditors,
and
then
you
basically
will
add
them
at
the
top
level
and
they
have
access
to
everything,
but
those
others
are
also
part
of
their
own.
Like.
A
C
B
C
A
C
Come
into
a
gitlab
namespace,
they
have
no
idea
what
to
do,
and
so
they're
they're,
like
their
first
touch,
they're
completely
missing
out
on
a
lot
of
the
hidden
values
like
what
I
heard,
and
I
think
this
is
where
the
opportunity
is
to
surface
all
that
stuff
when
you
create
the
namespace
or
somebody
comes
into
it
for
the
first
time
to
have
like
a
great
experience
based
on
what
the
namespace
has
been
used
for.
C
B
B
A
B
That's
one
big
thing
that
atlassian
is
so
yeah:
it
just
creates
like
a
basic
project,
but
it
they
already
have
pre-created
boards.
You
could
do
this
with
a
blank
one
right,
but
they're
just
applying.
C
All
right
cool,
I'm
gonna
to
I'll
put
this
on
unfiltered.
If
that's
okay
with
you
and
we'll
take
some
of
these
things
that
we've
been
talking
about
stock
and
put
them
into
an
issue.
I
think
liam
still
is
like
unsure
about
this,
which
is
very
valid.
C
I
guess
just
as
we
continue
to
think
about
it.
The
one
thing
I
want
to
avoid
is
having
it
filter
through
a
bunch
of
stuff
in
a
place
that
has
a
bunch
of
things
that
I
don't
care
about.
Just
so
I
can
see
the
things
that
I
do
care
about,
which
is
what
is
draining
on
me
personally
and
I
think
also
like
a
lot
of
our
users
is
like.
B
C
Yes,
I
would
like
to
get
away
from
that
label
serve
the
purpose
for
some
things,
but
I
think
for
other
things,
we
should
build
in
better
experiences,
so
cool
all
right,
I'll,
open
up
an
issue
to
talk
about
this
more,
let's
get
other
folks
in
the
working
group
involved.
Thank
you
for
your
time.
You're
amazing
and
I
appreciate
the
collaboration.