Extend email notification for expiring tokens to inherited members
Proposal
It was discovered here that email notification for expiring tokens are only sent to direct members. For group tokens, a direct group owner receives expiration notifications. For project tokens, direct project maintainer is notified. Customers expect that all members are notified. Organizations have many maintainers/owners that are inherited via saml/ldap integrations at the top group.
Implementation considerations
Based on the discussion below, it's proposed that we extend notifications to inherited members as an optional setting that can be enabled by group owners and instance admins.
- A setting for
All direct members
orAll direct and inherited members
will be created for token notifications. - The setting will default to
All direct and inherited members
and group owners or instance admins can optionally disable it. it will be applicable to all sub-groups and projects. - This can be a drop down, added under Settings > General page under "Permission and group features"
- We already have the options around Email notifications
- There is a risk that users may miss critical token expirations and hence the suggestion to default enable the sending of notifications to inherited members.
- If the notifications are deemed too noising, or the members do not necessarily find them as actionable, the setting can be set to
All direct members
- We have a need for platform wide consistent notifications however that is outside the scope of this request. We should opt to simplify the approach for this work if needed, to provide expiration notification for inherited members first.
- Changes for project owners to receive email not... (!155391 - merged) Add notifications for project owners along with project maintainers and group owners that already receive one.
- The changes should be behind a FF that will be rolled out to GitLab-org (GitLab team members) first.
- This is likely to add workload on mailgun and should be monitored as we enable the FF
Edited by Adil Farrukh