Restore the ability of self-managed group level custom role creation
- In a recent group sync we realized we have introduced a breaking change, though it hasn't shipped in a version yet. Let's restore the change, so we can follow the proper path of deprecations.
- This change must ship in 16.9.
Implementation:
- Currently, a self-managed instance cannot create group-level member roles
- We will introduce a feature flag,
restrict_member_roles
which will be disabled by default. This way, self-managed instances will be able to create both group-level & instance-level member roles. - Once the migration from group-level to instance-level roles is complete, we can turn on the FF, after which the intended behaviour to not allow self-managed instances to create group-level member roles will be restored.
Edited by Hinam Mehra