Create Policy Admin Permission/Role

Proposal

A Policy Admin permission/role that would set policies which could not be changed by folks who do not have the Policy Admin or Owner roles, to enable compliance and separation of duties. Ideally, this permission would be mutually exclusive from other roles such as Maintainer, to ensure people could not both set policies and merge. A common concern at GitLab, as well as for our customers, is the bypassing of codeowner and MR approvals. Implementing a policy permission/role that is mutually exclusive to the merge permission would enable technically enforced separation of duties.

What does success look like:

A role would be created which gave permissions to a user to update policies to enable compliance and separation of duties. These roles could be configured at the group and project level. Once in place, the ability to write and push code would require more than one person.

Edited by 🤖 GitLab Bot 🤖