Add "Manage Protected Environments" as a customizable permission

Proposed Permission

This issue was raised while capturing the deltas in permissions between Owner and Maintainer. Owner has this permission, but Maintainer does not. Adding this as a customizable permission helps our customers lessen their reliance on the extremely privileged Owner role, and gives them the flexibility to create new roles that carry only the permissions they need. In this case, the customer is looking to manage protected environments.

Proposal and User Experience

Group Actions

Protected Environments: Create, read, update, and delete environments.

  • Set environment, who can deploy, who can approve.

Project Actions

Protected Environments: Create, read, update, and delete environments.

  • Set environment, who can deploy, who can approve.

Views+Workflows include:

  • Base + Permission: Group > Settings > CI/CD > Protected Environments
  • Base + Permission: Project > Settings > CI/CD > Protected Environments

Impacted APIs

https://docs.gitlab.com/ee/api/protected_environments.html

https://docs.gitlab.com/ee/api/graphql/reference/#protectedenvironment

Evidence

#471385 (comment 1988511128)

#465870 (comment 2198695250)

#391760 (comment 2241902249)

Documentation

  • Permission Title: "Manage Protected Environments"
  • Permission Description: "Create, read, update, and delete protected environments"
  • Update prerequisites for feature documentation. Include links to feature pages.

Original

Problem to solve

This issue was raised while capturing the deltas in permissions between Owner and Maintainer. Owner has this permission, but Maintainer does not. Adding this as a customizable permission helps our customers lessen their reliance on the extremely privileged Owner role, and gives them the flexibility to create new roles that carry only the permissions they need. In this case, the customer is looking to manage protected environments.

Proposal and User Experience

  1. When creating a role, any base can be selected. A new permission is available and labeled "Manage Protected Environments" that can be selected.
  2. The permission actions for admin_protected_environments include creating, reading, updating, and deleting protected branches, along with their associated properties:

Group Actions

Protected Environments: Create, read, update, and delete environments.

  • Set environment, who can deploy, who can approve.

Project Actions

Protected Environments: Create, read, update, and delete environments.

  • Set environment, who can deploy, who can approve.

Edited by Joe Randazzo