ISSUE-507 Medium Medium Platform Access and Authorization
Members' role quotas are not respected for projects
Control: Number of project members must respect a quota · Config key: numberOfProjectMembersMustRespectQuota
📋 What is this?
The number of members assigned to specific roles in a GitLab project does not respect the quotas defined in your Policy controls.
⚠️ Impact
Ignoring role quotas can lead to uncontrolled access to project resources, weakening security and governance policies. For example, if too many users are assigned as Owners or Maintainers, it increases the risk of unauthorized changes and security misconfigurations.
🔧 How to fix
Review and adjust the members' role assignments in the project so that the count per role stays within the defined quotas. Ensure that only the members who need them hold elevated roles such as Owner or Maintainer; downgrade the others to a lower role.
✗ Before
The project has 4 maintainers, exceeding the allowed quota of 2.

# GitLab project members — ❌ Too many Maintainers
# Settings > Members:
#
# alice → Owner
# bob   → Maintainer
# carol → Maintainer
# dave  → Maintainer
# eve   → Maintainer   ← 4 Maintainers (max allowed: 2)

✓ After
Member roles are adjusted to meet the defined quota.

# GitLab project members — ✅ Quotas respected
# Settings > Members:
#
# alice → Owner
# bob   → Maintainer
# carol → Maintainer
# dave  → Developer    ← Downgraded to meet quota
# eve   → Developer    ← Downgraded to meet quota

💡 Tips
- Regularly audit project members and their roles using GitLab's member management page.
- Use GitLab groups to manage access at scale instead of adding individual project members.
- Follow the principle of least privilege: grant members the minimum role needed for their tasks.
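The check behind this control can be reproduced locally. The following Python script is an added example, not code from the policy tool or from GitLab: it takes a member list shaped like the GitLab Members API response (`GET /projects/:id/members/all`, using only the `username` and `access_level` fields), counts members per role using GitLab's documented access-level integers, compares the counts against a per-role quota, and lists the members beyond the allowed count so they can be reviewed. The member data is constructed inline to reproduce the "before" and "after" states above; the quota values, the `GITLAB_TOKEN` environment variable and the optional `fetch_members` helper are assumptions for illustration.

```python
"""Check GitLab project member role counts against per-role quotas (added example)."""
import json
import os
import urllib.request

# GitLab access_level integers as returned by the Members API, mapped to role names.
ACCESS_LEVELS = {10: "Guest", 20: "Reporter", 30: "Developer", 40: "Maintainer", 50: "Owner"}

# Constructed sample payload (only the fields this script uses), reproducing the
# "before" state from the page: one Owner and four Maintainers.
SAMPLE_MEMBERS_BEFORE = json.loads("""[
  {"username": "alice", "access_level": 50},
  {"username": "bob",   "access_level": 40},
  {"username": "carol", "access_level": 40},
  {"username": "dave",  "access_level": 40},
  {"username": "eve",   "access_level": 40}
]""")

# Constructed "after" state: dave and eve downgraded to Developer.
SAMPLE_MEMBERS_AFTER = json.loads("""[
  {"username": "alice", "access_level": 50},
  {"username": "bob",   "access_level": 40},
  {"username": "carol", "access_level": 40},
  {"username": "dave",  "access_level": 30},
  {"username": "eve",   "access_level": 30}
]""")

# Assumed quota (maximum members per role); the page's example allows 2 Maintainers.
QUOTAS = {"Owner": 1, "Maintainer": 2}


def role_name(access_level):
    """Map an access_level integer to a role name; unknown values are kept visible."""
    return ACCESS_LEVELS.get(access_level, f"unknown({access_level})")


def count_roles(members):
    """Return {role: count} for the given member list."""
    counts = {}
    for member in members:
        role = role_name(member["access_level"])
        counts[role] = counts.get(role, 0) + 1
    return counts


def check_role_quotas(members, quotas):
    """Return {role: (actual, allowed)} for every role whose count exceeds its quota.

    An empty dict means the project complies with the control.
    """
    counts = count_roles(members)
    return {
        role: (counts.get(role, 0), limit)
        for role, limit in quotas.items()
        if counts.get(role, 0) > limit
    }


def excess_members(members, role, limit):
    """Usernames holding `role` beyond the first `limit` occurrences, in listing order.

    These are the accounts to review for a downgrade; the first `limit` are kept as-is.
    """
    holders = [m["username"] for m in members if role_name(m["access_level"]) == role]
    return holders[limit:]


def fetch_members(gitlab_url, project_id):
    """Fetch direct and inherited members of a project (assumed helper, needs network).

    Uses GET /projects/:id/members/all with a token from the GITLAB_TOKEN environment
    variable (assumption: a read-only API token is available there).
    """
    url = f"{gitlab_url}/api/v4/projects/{project_id}/members/all?per_page=100"
    req = urllib.request.Request(url, headers={"PRIVATE-TOKEN": os.environ["GITLAB_TOKEN"]})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def report(members, quotas):
    """Human-readable findings for one project; returns the list of printed lines."""
    lines = []
    for role, (actual, allowed) in check_role_quotas(members, quotas).items():
        lines.append(f"{role}: {actual} members, quota is {allowed}")
        lines.append(f"  review for downgrade: {', '.join(excess_members(members, role, allowed))}")
    return lines or ["all role quotas respected"]


if __name__ == "__main__":
    # Offline run on the constructed data; swap in fetch_members(...) for a live project.
    print("before:", *report(SAMPLE_MEMBERS_BEFORE, QUOTAS), sep="\n  ")
    print("after:", *report(SAMPLE_MEMBERS_AFTER, QUOTAS), sep="\n  ")
```

On the "before" data the script flags Maintainer with 4 members against a quota of 2 and names dave and eve for review, which matches the downgrade shown above; on the "after" data it reports no findings. When run against a live project with `fetch_members`, the `/members/all` endpoint includes members inherited from parent groups, so the count reflects the access that is actually in effect rather than only direct project members.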