Permission Page Improvements

Problem to solve

The permissions page has grown unwieldy over the years and has had its challenges including:

• Inaccurate or missing permission actions
• Information architecture is not clear with difficulty looking up a permission
• Missing guidance and best practices on setting up access in GitLab

Proposal

1. Add missing permissions and improve accuracy: https://gitlab.com/gitlab-com/gitlab-OKRs/-/work_items/6978
2. Identify optimal information architecture for permissions table, so customers can quickly identify their requested permissions they are trying to understand.
   • Example: Sort by role
   • Example: Group by category
   • Example: Simplify actions
3. Collaborate across teams (AuthN, AuthZ, Security, Support, other?) to identify the best practices when it comes to setting up access and permissions.

Future ideas

• Add column or notation to highlight if custom role is available in default roles table.
• Scalable permissions table that is defined in code and teams can contribute when a new permission is added. This can be further checked by a linter.
• List out access controls (protected branches, environments, etc) that augment permissions.
• Doc navigation around all things access
• Remove permissions on table related to adjustments to access control. For example, push to protected branches should not be shown as this relates to the access control.

Resources

• https://gitlab.com/jrandazzo/permission-table-examples