[UX] Design: Adding and editing fine-grained permissions for job tokens

Problem to solve

Job tokens have excess and overprivileged access
Lack of API support, relying on long-lived tokens
Lack of fine-grained control to resources

Customers would like the ability to reduce the permissions of a token to only what's necessary for the job.

Intended users

Security Engineer
Security Operations
Project owners

User experience goal

Project owners/maintainers can opt-in to fine-grained permissions for job tokens in the project's allowlist

Is this a cross-stage feature?

Cross-group collaboration with grouppipeline security and groupauthentication

Links / references

Design Exploration

We explored two approaches: solution validation can be found in #480756 (closed). This work allowed us to confidently move forward with the inbound allowlist definition in the API/UI.

We then explored ways to incorporate resource permission definition in the existing allowlist:

Options	Team Feedback
Moving the allowlist creation with permissions into a drawer, additional features: Update dropdown to namespace path definition Add wildcard Resource permissions with dropdown	Using the drawer to update setting configuration in the CI/CD settings (as used in variable) has not worked well for users in the past Namespace path definition run the risk of users having to manually update if project is moved Will users understand the difference between read, read and write, and none as permission definitions? Keep UX changes to a minimum given the breaking change for users in 18.0
Simplify the radio button to a toggle:	Toggle was previously used with outbound allowlist and didn't work well with user Existing UX with radio buttons allow users to update allowlist before fully restricting project
Permission configuration in new page	Can be a consideration for future iteration

Options

Team Feedback

Moving the allowlist creation with permissions into a drawer, additional features:

Update dropdown to namespace path definition
Add wildcard
Resource permissions with dropdown

Using the drawer to update setting configuration in the CI/CD settings (as used in variable) has not worked well for users in the past
Namespace path definition run the risk of users having to manually update if project is moved
Will users understand the difference between read, read and write, and none as permission definitions?
Keep UX changes to a minimum given the breaking change for users in 18.0

Simplify the radio button to a toggle:

Toggle was previously used with outbound allowlist and didn't work well with user
Existing UX with radio buttons allow users to update allowlist before fully restricting project

Permission configuration in new page

Can be a consideration for future iteration

After feedback and collaboration with grouppipeline security, we opted to use existing UX table with in-line form to define permissions. Prototypes:

Add permissions to group or project in job token allowlist
Edit permissions of group or project in job token allowlist

Solution Validation

Are we confident in moving forward with the solution?

Yes - Overall, feedback to the workflow of adding and editing job token permissions is straightforward and easy to use.

Additional learnings:

The terms used for permission options, default vs fine-grained permissions matched user expectations
Descriptions below each resource will be valuable to users when selecting permissions

Solution validation results

📖 Dig into findings here: [Solution Validation]: Usability focused valida... (ux-research#3238 - closed)

Final Design and Specs

Design Details

Design	Details
Updates to allowlist table: Figma link	Add permissions column under Project Settings > CI/CD > Job Token Permissions If permissions are default, display: `Default (user membership and role)` If permissions are fine-grained, display: `[permission: Read only, Read and write] to [Resource name]`, example: `Read and write to Packages` Add edit button icon next to remove, on hover, display "Edit permissions" When user click remove, show modal:
Updates to add/project form: Figma link Default permissions Fine-grained permissions Fine-grained permissions dropdown	In the add/group or project permission, add a section in the form called: `Permissions` Permissions section includes radio selection for `Default permissions` or `Fine-grained permissions` When fine-grained permissions is selected, show the resource and permissions table Dropdown options for permissions include: `None, Read only, Read and write` Resource descriptions are tbd, issue can be found here: #500695 (closed)
Edit permissions: Figma link Default permissions: Fine-grained permissions: Fine-grained permissions dropdown	After user clicks edit button, bring up form with group or project information disabled Permissions section includes radio selection for `Default permissions` or `Fine-grained permissions` When fine-grained permissions is selected, show the resource and permissions table Dropdown options for permissions include: `None, Read only, Read and write` Action copy for editing permissions will be "`Save`" Use toast notification to update of success or error.

Updates to allowlist table: Figma link

Add permissions column under Project Settings > CI/CD > Job Token Permissions
If permissions are default, display: Default (user membership and role)
If permissions are fine-grained, display: [permission: Read only, Read and write] to [Resource name], example: Read and write to Packages
Add edit button icon next to remove, on hover, display "Edit permissions"
When user click remove, show modal:

Updates to add/project form: Figma link

Default permissions

Fine-grained permissions

Fine-grained permissions dropdown

In the add/group or project permission, add a section in the form called: Permissions
Permissions section includes radio selection for Default permissions or Fine-grained permissions
When fine-grained permissions is selected, show the resource and permissions table
Dropdown options for permissions include: None, Read only, Read and write
Resource descriptions are tbd, issue can be found here: #500695 (closed)

Edit permissions: Figma link

Default permissions:

Fine-grained permissions:

Fine-grained permissions dropdown

After user clicks edit button, bring up form with group or project information disabled
Permissions section includes radio selection for Default permissions or Fine-grained permissions
When fine-grained permissions is selected, show the resource and permissions table
Dropdown options for permissions include: None, Read only, Read and write
Action copy for editing permissions will be "Save"
Use toast notification to update of success or error.

Next Steps:

[UX] Design: Onboarding to fine-grained permiss... (#499312) designs for onboarding users to fine-grained permissions
Work on descriptions for each resource: Description for resources in job token permissions (#500695 - closed)

Edited Oct 28, 2024 by Ilonah Pelaez