Discovery: Two-person access controls for sensitive project settings
Making changes to important aspects of a project could result in significant changes. For compliance-minded organizations, this could pose an unacceptable security risk to have a single person in charge of these changes; beyond malicious activity, accidents are always a possibility when there's a single point of failure.
To solve for this, we should introduce a two-person control for sensitive changes that could result in data loss or the exposure of sensitive information.
- Introduce a two-person access control pattern to the General view in project settings.
- The use of two-person access controls should be configurable.
- Ultimate feature.
- Actions that could remove or expose sensitive information should require two Owners or administrators:
- Changing project visibility to a less restrictive setting,
- Changing feature availability,
- Removing merge request restrictions,
- Project removal.
- Add a
Groupsetting to enable/disable
Two-person approvalsfor (regulated) projects
- Implement logic for
MR approval settings(the same ones in #39060 (closed)) so that if
enabled, then changes to those settings result in:
- Add an entry to the
Approvalsview within the Compliance Dashboard with an
Approvebutton instead of
Xto dismiss or
- The setting that was changed should only take effect if
- The setting that was changed should retain it's original value if
- The setting, from the perspective of the
requestor, should have a visual indicator that it's "pending approval"
- The person who changed the setting should receive a notification of the
- Actions that could qualify for two-person approval:
- Changing project visibility to a less restrictive setting
- Changing feature availability
- Removing merge request restrictions
- Project removal
More detail is needed here around how the workflow and UX might work for the user initiating a sensitive change and how other users become aware of the "second key" need and fulfill/reject the request.
Mural working file
Prototype in Figma