Create a list of authorized users for two-person approvals

Problem to solve

In the discovery for two-person approvals, initial customer feedback and refinement discussions highlighted a possible need to create approval groups, similar to MR approvals, but that exists at the group and/or instance-level and consists of authorized users who can approve overrides or exceptions to typical workflows. Currently, there is no way to designate specific individuals who can provide an approval on workflow exceptions or overrides for things like emergency MRs.

Intended users

• Cameron (Compliance Manager)
• Sidney (Systems Administrator)
• Sam (Security Analyst)

Proposal

Create an experience at the group-level to allow group owners to define a list of users who can approve exception requests, such as those described below in Further Details.

Owners should be able to create a single list in this MVC.

These users would be authorized to view the Compliance Dashboard Approvals tab to respond to two-person approval requests.

Further details

Example overrides

• Permit an MR to merge without all necessary approvals
• Allow a required CI job to be bypassed for emergency deploys
• Allow on-call engineers to deploy directly to production for emergencies

Note: The on-call engineer idea was raised by a customer and we discussed an "on-call" list of engineers authorized to push directly to certain environments in certain projects to be able to deploy emergency fixes without having to go through typical workflows. This particular group (likely a separate issue) would be rotated in membership every X hours/days based on the on-call rotation of an organization.

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references

See Figma →

Additional comments

This issue will be workflowblocked until &3839 (closed) is implemented.