Remove project maintainer permission from compliance framework assignment
Why are we doing this work
As discussed in this issue, users want to restrict the ability for project maintainers to assign compliance frameworks to projects. This should only be available to project owners.
This is a potentially significant breaking change and we should gather data around how many users it may affect before we make any changes.
Relevant links
-
MR enabling assignment of custom frameworks to projects
- I attempted to add this permissions change to this MR but it was rejected as too large/breaking a change.
Non-functional requirements
-
Documentation - We'll need to communicate this change.
Implementation plan
-
Alter admin_compliance_framework
to no longer be permitted to maintainers. -
Hide dropdown on project settings page (or disable it if it's easy enough to do!) -
Check API functionality matches new policy
Edited by Max Woolf