Refine the relationship between approver settings and extra rules

Problem Statement

The extra rules will be applied to all of the approver rules, but security rules shouldn't be overwritten by extra rules.

Intended users

GitLab user (could be a security analyst or similar role?) who has Maintainer rights and above: https://docs.gitlab.com/ee/user/permissions.html

Further details

Proposal

[Mockups: Status quo; Proposal (security scan set up successfully); Proposal (when there is no security scan set up)]
Separate security rules into their own group.
No need for the user to add them; they will be there by default, but in an inactive status, and the user needs to turn them on.
Security rules have their own extra rules.
Show a notification if there is no security scan set up. A CTA helps the user go to either the configuration page or the doc page.

Design specs

Reach

Impact

Confidence

Effort

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references

Edited by Nicole Schwartz