Modify the permission set of existing roles
Description
Allow to configure the permission set of the existing roles Guest, Reporter, Developer as defined in the project_policy.rb after a gitlab installation.
Use cases: Multiple issues in this gitlab tracker are related to permissions not matching their company's workflow, e.g. when working with labelling or reporting
- Reporters which cannot change labels
- Reporters which should not have code access
- Guests who should see the code
- I can't find the issue again where they want to open the issue tracker for their Gitlab EE to their customers. As soon as they do that, they might also want to allow the labelling (but of course not the code access)
- .....
This makes clear that different workflows of different companies need to be supported - and labelling is one of the items with the biggest differences in how they are used
The issue is related to the proposal for custom roles https://gitlab.com/gitlab-org/gitlab-ce/issues/12736 but my proposal does not suffer from the problems due to which this issue was closed:
- no additional role management is needed
- no additional GUI and management.
- Just the re-configuration of a list after installation.
As I understand the project_policy.rb , patching the code for my need may be a one-liner. But of course I want the custom permission set in an official installation and paid plans, not some home-brewed one.
Proposal
Allow to configure the permission sets for existing roles defined in project_policy.rb via /etc/gitlab/gitlab.rb
Links / references
By the way, for submitting this issue I used the "Feature proposal" template, which has a quick action in the end:
/label ~"feature proposal"
But as I am not allowed to set this label, the command is just ignored. So it seems that even gitlab themselves would benefit from a more versatile permission management :-)