Documentation updates to auto-generated custom permissions table and FE names(Reordering, name)
Problem to solve
It was noted from the customer that the table permissions for custom roles was not clear when mapping to similar default roles. Specifically, the name or action of the permission is based on the attribute/flag and how does this map to an action on default roles.
Further details
See related issue attached (internal).
Proposal
Update headers for better readability and simplicity.
Table Column Update
Permission | Description | API Attribute | Scope | Introduced In |
---|
Headers
- Permisison: "Pretty" version of the permission title for user to quickly read. Can potentially be used on Create Role or View Permissions view (future).
- Description (no change). Required Permission in the description.
- Attribute: Name of permission in code and API (Previously Name)
- Scope: Inspired from Audit Events. Include ability to scope to group or project level.
- Group, Project
- Project
- Introduced In (linked) (no change)
Remove
- Feature Flag
- Enable In
Examples:
Permission | Description | API Attribute | Scope | Introduced In |
---|---|---|---|---|
Manage CI/CD Variables | Create, read, update, and delete CI/CD variables. | admin_cicd_variables | Group, Project | 16.10 |
Manage project access tokens | ... | ... | Project | ... |
Update to the yml
file to include title
title: Manage CI/CD variables
description: Create, read, update, and delete CI/CD variables.
name: admin_cicd_variables
introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/437947
feature_category: secrets_management
milestone: '16.10'
group_ability: true
project_ability: true
requirements: []
available_from_access_level:
List of titles to include in respective yml files.
Permission Title | API Attribute |
---|---|
Approve merge request | admin_merge_request |
View repository code | read_code |
Manage group members | admin_group_member |
Archive project | archive_project |
Delete group | remove_group |
Delete project | remove_project |
Manage Terraform state | admin_terraform_state |
Manage CI/CD variables | admin_cicd_variables |
Manage group access tokens | manage_group_access_tokens |
Manage project access tokens | manage_project_access_tokens |
Manage vulnerabilities | admin_vulnerability |
View dependency list | read_dependency |
View vulnerability reports and dashboards | read_vulnerability |
Tasks
-
Update ee/config/custom_abilities
with proposed yml and titles -
Update headers in tooling template to follow proposal -
GraphQL query "memberRolePermissions" should return name
value so frontend can automatically reflect this. See conversation here. -
Verify that the front-end application Custom Role Creation is not impacted.
Edited by Joe Randazzo