Add "Manage Push Rules" as a customizable permission
Release notes
Group owners and project maintainers have the ability to manage push rules. This often leads to a user becoming overprivileged where they may not need other group or project destructive permissions. With the release of this permission, you can create a custom role to allow a Developer (or any base role) plus this permission to manage push rules without being overprivileged.
Background
Group owners and project maintainers have the ability to push rules. This leads organizations elevating a subset of users who need to manage these settings that as a consequence can edit other Group/Project settings. This permission will allow a custom role such as Developer + this permission offering organizations to reduce Owners and Maintainers in their environment
Proposal and User Experience
- When creating a role, any base can be selected. A new permission is available and labeled "Manage Push Rules" that can be selected.
- The permission actions for
admin_push_rulesincludes editing push rules and all the properties associated:
| Group Actions | Project Actions |
|---|---|
|
Group Repository Settings
|
Project Repository Settings
|
APIs
- https://docs.gitlab.com/ee/api/projects.html#get-project-push-rules
- https://docs.gitlab.com/ee/api/groups.html#push-rules
Views+Workflows include:
-
Base + permission: Can see Group-> Settings -> Repository Settings -> Pre-defined push rules -
Base + permission: Can see Project-> Settings -> Repository Settings -> Push Rules
Documentation
-
Permissions attribute: admin_push_rules -
Permission Title: Manage Push Rules -
Permission Description: Configure push rules at the group or project level. -
Update prerequisites for...