Possibility to have Global Teams/Groups #1605

New Issue

GiteaMirror · 2025-11-02T04:06:21-06:00

GiteaMirror commented

2025-11-02 04:06:21 -06:00

Originally created by @dumarjo on GitHub (Mar 7, 2018).

Gitea version (or commit ref): 1a83581
Git version:
Operating system: Linux
Database (use [x]):
- PostgreSQL
- MySQL
- MSSQL
- SQLite
Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL)
- No
- Not relevant
Log gist:

Description

Right now is not possible to create global group/teams that can be assigned to Organisation as collaborator.

Use case: We are a small team (< 15 dev) and we do many project with many company. What we want is to have a way of creating a dev team (all of us) and have all the permission over all organisation/Repository. After that we want to have other people (like our customer) having access to only their Organisation

Currently, we need to assign all the dev to all the Organisation manually. Since we want to use LDAP for authentification, it will be good to have also the possibility to reuse specific groups from LDAP. Imagine we have a LDAP group GIT_DEV that can be use in the collaborator of an organisation.

Screenshots

Originally created by @dumarjo on GitHub (Mar 7, 2018).  - Gitea version (or commit ref): 1a83581 - Git version: - Operating system: Linux - Database (use `[x]`): - [ ] PostgreSQL - [x] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant - Log gist: ## Description Right now is not possible to create global group/teams that can be assigned to Organisation as collaborator. Use case: We are a small team (< 15 dev) and we do many project with many company. What we want is to have a way of creating a dev team (all of us) and have all the permission over all organisation/Repository. After that we want to have other people (like our customer) having access to only their Organisation Currently, we need to assign all the dev to all the Organisation manually. Since we want to use LDAP for authentification, it will be good to have also the possibility to reuse specific groups from LDAP. Imagine we have a LDAP group GIT_DEV that can be use in the collaborator of an organisation. ## Screenshots

GiteaMirror added the type/feature issue/confirmed labels 2025-11-02 04:06:21 -06:00

GiteaMirror commented

2025-11-02 04:06:21 -06:00

@stale[bot] commented on GitHub (Feb 7, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale[bot] commented on GitHub (Feb 7, 2019): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

GiteaMirror commented

2025-11-02 04:06:22 -06:00

@xoxys commented on GitHub (Oct 15, 2019):

Any news on this?

@xoxys commented on GitHub (Oct 15, 2019): Any news on this?

GiteaMirror commented

2025-11-02 04:06:22 -06:00

@divansantana commented on GitHub (Nov 15, 2019):

anyone have a workaround? Or looked into auto adding new users to groups via some hook?

@divansantana commented on GitHub (Nov 15, 2019): anyone have a workaround? Or looked into auto adding new users to groups via some hook?

GiteaMirror commented

2025-11-02 04:06:22 -06:00

@pbodnar commented on GitHub (Feb 29, 2020):

anyone have a workaround? Or looked into auto adding new users to groups via some hook?

Yes, this is currently discussed at #1395 -> until Gitea data model changes (no plans yet?), one needs to use a tool like gitea-group-sync which automates mapping LDAP / AD groups to Gitea's existing teams within organizations.

@pbodnar commented on GitHub (Feb 29, 2020): > anyone have a workaround? Or looked into auto adding new users to groups via some hook? Yes, this is currently discussed at #1395 -> until Gitea data model changes (no plans yet?), one needs to use a tool like *gitea-group-sync* which automates mapping LDAP / AD groups to Gitea's _existing_ teams within organizations.

GiteaMirror commented

2025-11-02 04:06:22 -06:00

@lunny commented on GitHub (Aug 10, 2021):

In admin panel, there is a global team management UI to add/remove global team and also add/remove members of global team. There is an internal global team which is owners, so I can remove is_admin column from user table. All the members of this global team have the permissions to manage the Gitea instance.
A global team could be mapping with a LDAP/AD group if LDAP/AD enabled, so that the members will be sync in background automatically
A global team could be added to some organization as a ref team or a team template. you cannot change the special team's members because it will be synced with some group. But you can change the permissions of the team like a normal team.
There is a config item that mapping all organization's owner team with some global group

@lunny commented on GitHub (Aug 10, 2021): - [ ] In admin panel, there is a global team management UI to add/remove global team and also add/remove members of global team. There is an internal global team which is owners, so I can remove `is_admin` column from `user` table. All the members of this global team have the permissions to manage the Gitea instance. - [ ] A global team could be mapping with a LDAP/AD group if LDAP/AD enabled, so that the members will be sync in background automatically - [ ] A global team could be added to some organization as a ref team or a team template. you cannot change the special team's members because it will be synced with some group. But you can change the permissions of the team like a normal team. - [ ] There is a config item that mapping all organization's owner team with some global group

GiteaMirror commented

2025-11-02 04:06:22 -06:00

@andreas-bulling commented on GitHub (Oct 30, 2022):

This feature would also be super important to me - organizations are currently the only way to "group repositories" and separate teams have to be created for each of these organizations (and managed/updated).

@andreas-bulling commented on GitHub (Oct 30, 2022): This feature would also be super important to me - organizations are currently the only way to "group repositories" and separate teams have to be created for each of these organizations (and managed/updated).

GiteaMirror commented

2025-11-02 04:06:22 -06:00

@KroMignon commented on GitHub (Mar 3, 2023):

I would also love to have this feature available in Gitea!
Is there a way to upvote this FR?

@KroMignon commented on GitHub (Mar 3, 2023): I would also love to have this feature available in Gitea! Is there a way to upvote this FR?

GiteaMirror commented

2025-11-02 04:06:23 -06:00

@lunny commented on GitHub (Mar 3, 2023):

I would also love to have this feature available in Gitea! Is there a way to upvote this FR?

Add reactions. :) Answer your questions in #23262, I think yes. I would like this could be implemented. Maybe we need a proposal about how to implement it since we already have organization teams.

@lunny commented on GitHub (Mar 3, 2023): > I would also love to have this feature available in Gitea! Is there a way to upvote this FR? Add reactions. :) Answer your questions in #23262, I think yes. I would like this could be implemented. Maybe we need a proposal about how to implement it since we already have organization teams.

GiteaMirror commented

2025-11-02 04:06:23 -06:00

@afr-TT commented on GitHub (May 16, 2023):

Any actions / new about this?

I would be glad to have a way to administrate owners of organizations by a global team management. Especially when new people join the team or someone leaves the team, a central / global team would be very helpful.

@afr-TT commented on GitHub (May 16, 2023): Any actions / new about this? I would be glad to have a way to administrate owners of organizations by a global team management. Especially when new people join the team or someone leaves the team, a central / global team would be very helpful.

GiteaMirror commented

2025-11-02 04:06:23 -06:00

@aylen384 commented on GitHub (Jun 30, 2023):

A workaround that I implemented on my instance is to sync the teams using a script:

#!/usr/bin/python3

import gitea

class GiTeamSync:
    def __init__(self, url: str, token: str):
        self.g = gitea.Gitea(url, token)
        print("Gitea Version: " + self.g.get_version())
        print("API-Token belongs to user: " + self.g.get_user().username)

    def get_team(self, org: str, team: str):
        return gitea.Organization.request(self.g, org).get_team(team)

    def sync_members(self, source_team: gitea.Team, target_team: gitea.Team):
        source_members = set(source_team.get_members())
        target_members = set(target_team.get_members())

        inter = source_members & target_members
        to_be_removed = target_members - inter
        to_be_added = source_members - inter

        print(f"Syncing members from {source_team.organization.name}/{source_team.name} to "
              f"{target_team.organization.name}/{target_team.name}")

        print("Users removed:")
        for u in to_be_removed:
            print(f"- {u.login}")
            target_team.remove_team_member(u.username)

        print("Users to added:")
        for u in to_be_added:
            print(f"- {u.login}")
            target_team.add_user(u)

gs = GiTeamSync("https://my.url", "TOKEN123")
gs.sync_members(gs.get_team("org_a", "Owners"), gs.get_team("org_b", "team_123"))

@aylen384 commented on GitHub (Jun 30, 2023): A workaround that I implemented on my instance is to sync the teams using a script: ```python #!/usr/bin/python3 import gitea class GiTeamSync: def __init__(self, url: str, token: str): self.g = gitea.Gitea(url, token) print("Gitea Version: " + self.g.get_version()) print("API-Token belongs to user: " + self.g.get_user().username) def get_team(self, org: str, team: str): return gitea.Organization.request(self.g, org).get_team(team) def sync_members(self, source_team: gitea.Team, target_team: gitea.Team): source_members = set(source_team.get_members()) target_members = set(target_team.get_members()) inter = source_members & target_members to_be_removed = target_members - inter to_be_added = source_members - inter print(f"Syncing members from {source_team.organization.name}/{source_team.name} to " f"{target_team.organization.name}/{target_team.name}") print("Users removed:") for u in to_be_removed: print(f"- {u.login}") target_team.remove_team_member(u.username) print("Users to added:") for u in to_be_added: print(f"- {u.login}") target_team.add_user(u) gs = GiTeamSync("https://my.url", "TOKEN123") gs.sync_members(gs.get_team("org_a", "Owners"), gs.get_team("org_b", "team_123"))

GiteaMirror commented

2025-11-02 04:06:24 -06:00

@Hypnotist1148 commented on GitHub (Oct 3, 2023):

@denyskon as mentioned in #27194, this would be a killer feature for corporate environments.