Link to policy editor from framework editing

Proposal

Review parent epic and designs for more details, Compliance Framework report ability to link Sec... (&11628 - closed)

With the Compliance Framework report, we want to give users an easier experience when adjusting Security Policies and their links to Compliance Frameworks.

In the report we want users to be able to:

  • Link/De-link a framework to a policy
  • Link/De-link a framework to an additional pipeline yaml file

Proposed Solution

  • Remove "select all" from the compliance framework edit > Link policies page.
    • Disable the individual check-box and show a tooltip explaining why the user can't use it
  • Have a single-row link for each policy available for the group
  • When a user clicks to link a policy, send the user to the proper security policy editor and automate the step of adding the Compliance Framework to the scope of the policy.

Designs

  • Framework-list: linked-policy-framework-MVC
  • If user can edit frameworks: socpe-compliance-framework-highlight
  • If user can not edit frameworks: scan-excution-policy-read-only

This will leave the user to complete the step to merge the change.

If they do not have access to the security policy project, we will need to show that they do not have access.

Target user

Implementation plan

  • Adding support for opening policy editing with "Choose framework" focused and showing a tooltip
  • Adding support for the scenario when the user does not have sufficient rights (might not be needed and already done by group security policies)
  • Cleaning up the compliance framework editing UI (might not be needed, since we might simply skip adding the "Link all" stuff right now when implementing that)
Edited by Camellia X Yang