Deny-list support for Geo Selective Sync

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Work on this issue
• Close this issue

Release notes

Problem to solve

As a system administrator, I want to use Geo Selective Sync to sync all projects except a few select ones. At the moment, there is no "deny-list" behavior, it is all based on selecting the ones to be synced.

Intended users

• Sidney (Systems Administrator)

User experience goal

This feature will be an enhancement to the selective feature which currently manages an include list. To reduce complexity, cognitive friction on the UI and conflicting interactions leading to a need for complex troubleshooting we should avoid managing multiple lists where possible.

Proposal

We continue to manage a single list of projects as is the case today and introduce a control to allow or deny synchronization based on the list .

• Allow - Only synchronize projects selected in the list
• Deny - Synchronize all projects except those selected in the list

Similar to how selective synchronization works today, this feature will be available on a per Geo secondary site basis. That is, each Geo site can have it's only allow/deny list of projects independent of other Geo secondary sites.

Further details

The intended use case for selective synchronization is to limit the projects that are synchronized to a Geo secondary site. Design decisions were not made based on data compliance or access control in mind. As noted in the documentation it is the customer's responsibility to evaluate whether the functionality meets their needs. Use of this feature for unsupported use cases risks breaking as we evolve Geo.

Permissions and Security

Same as existing Geo selective synchronization feature.

Documentation

Selective synchronization documentation to be enhanced is located here.

Availability & Testing

Available Tier

• Premium
• Ultimate

What does success look like, and how can we measure that?

It is possible to successfully exclude specific projects from synchronizing to a secondary site.

Is this a cross-stage feature?

No

Links / references

• ZD ticket (internal only) - Premium customer

/cc @fzimmer