E-Mail Notification to User and Project/Group Maintainers When Access Expires
Problem to solve
Currently, when access to a project or group expires, no notification is provided to either the user or the group/project maintainers. Due to gitlab-org/gitlab-ee#12703 and gitlab-org/gitlab-ee#12702, this can cause confusion for large groups with multiple maintainers making access changes. In addition to having correct audit events for these events, an additional notification to the affected users and group admins would prevent confusion when access is removed.
Intended users
This will affect any users are using expiration dates an user access.
Further details
Other related feature proposals may be to do something like specifying a new access level (or none at all, which is all that is possible now), when setting an expiration date.
Proposal
At a minimum, send an email or set a banner for users to let them know that their access to a group or project has expired. Warning in advance, if a new access level can't be specified, will reduce interruption due to the user having to contact group maintainers to be readded at a lower permission level instead of churn due to being completely removed.
Permissions and Security
Maintainers and Owners are the only users that can set expirations. This does not change.
Documentation
A note could be added indicating the timing of notifications when configuring expirations.
Testing
An error sending the email should not prevent the removal actions from being performed and should be tested.
What does success look like, and how can we measure that?
Less confusion and work for users around access expirations.
What is the type of buyer?
The lack of notifications came up while examining audit events, but it's possible that since expirations are available in CE< this may be a CE issue.