Discussion: How might we scale project controls to the group level
📚 Background
A common request that groupcompliance comes across is a demand for feature X in projects be controllable at the group level, and in some cases in the Admin Area. There are numerous useful features that help teams manage their compliance posture, but as a result it has become an intensive responsibility to keep these projects in sync.
💭 Scenario
Imagine your are a group owner at a large organization. Within your group alone there are over 1000 projects, and it continues to grow by the day. Your company has established best practices and policies to adhere to specific requirements for a regulatory framework. However, keeping projects in line can be a real challenge. Project Maintainers can sometimes change these settings or updating existing projects can become a real pain.
| Feature | Admin Area | Group | Subgroup | Project | Inheritance & enforcement | Issues/Epics |
|---|---|---|---|---|---|---|
| Merge Request Approval Rules (Approvers) |
|
&4367, &4552 (closed) | ||||
| Merge Request Approval Settings (Checkboxes) |
|
|
Both new & existing projects with enforcement | &4367, &4552 (closed) | ||
| Protected Branches |
|
#18488 (closed) | ||||
| Push Rules |
|
|
|
|
New projects only with no enforcement | #34370 (closed), #221261 (closed) |
| Merge Method |
|
#35266 |
🧐 Considerations
Pitfalls: While reaching feature parity seems easy, it can be quite difficult with things like MR Approval Rules which map to branches. It is important to evaluate the numerous edge cases that could arise by simply replicating the UI elements.
Simplify Groups & Projects Working Group: This effort might address pain points with settings only affecting new projects.
Enforcement: This is top of mind with compliance customers. They want to be able to set it and forget it, rather than monitor projects for noncompliance.
💡 Proposal
Settings should only apply to new projects, unless they are using a compliance framework with enforcement enabled.
| Compliance Framework | MR Approvals (Project) |
|---|---|
 |
 |
🤝 Cross-stage Collaboration
-
Responsible, Accountablegroupcompliance Sam, Austin -
Consultedgroupsource code Daniel G., Mike N. -
Consultedgroupcode review Kai, Pedro