Require two-person approval for deleting a project

Problem to solve

In the discovery for two-person approvals, we learned more about the sensitivity that compliance-minded organizations have for data loss, specifically when it manifests as a project deletion. Currently, when a project is deleted there is no way to prevent that action. A GitLab admin must take additional steps to recover a deleted project and a GitLab.com group owner does not currently have any recourse for this action.

Intended users

• Cameron (Compliance Manager)
• Sidney (Systems Administrator)
• Sam (Security Analyst)

Proposal

This proposal will need to be split up into smaller components and serves as a draft proposal intended to become an epic or several linked issues.

Leverage the precedent of two-person approvals to require an additional person 👍🏻 a project deletion.

Project deletion delay should still affect this action if enabled.

Projects deleted in this way should still be recoverable via the deleted project view

An audit event should be logged to capture:

• The user who requested the deletion of project_name at date/time
• The user who approved the deletion of project_name at approval date/time
• The date/time when project_name is permanently deleted