Feature Flag Environment Permissions together with User IDs
Problem to solve
Now that we introduced Feature flags based on user ID and Feature flags based on environments, we need to combine the permissions in order for a user to be able to enable users only on the environments that he/she has permissions to.
For the first iteration, we disabled the User ID Input if you don't have permissions for all the environments shown, similar to how the feature flag name and description is disabled in the same situation.
Intended users
- Developers who have environment permissions
- QA engineers who wish to enable/disable flags for specific users (application users - non-GitLab)
- Release managers who deploy to specific users (application users - non-GitLab)
Further details
Permissions need to be definable on a per-environment basis. For example, review apps may be a free for all, stage may be controlled to developers-only (generally wide access but not everyone), and production/performance environments may be restricted to just a handful of specific people - not even a role like maintainer may be granular enough for an environment like that. We must follow suit when enabling specific users to environments. This can be used to deploy "test versions" to specific customers before GA release. It can be used to allow "sneak peeks" to selected customers before deployment.
Proposal
The permission to set user ID in a specific environment should be the same permissions as the environment. Meaning if I have access to staging but not production, I shouldn't be able to enable features in production to specific users.
Permissions and Security
Documentation
Testing
What does success look like, and how can we measure that?
number of times someone modified the user id list for feature flags in a specific environment
What is the type of buyer?
Links / references
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.