Clearly show the source for policies with identical names but coming from different sources
Summary
The Policies page in project settings does not differentiate between policies with identical names that are inherited from different sources (group-level vs project-level). This causes confusion when viewing and managing policies, as there's no visual indication of which policy comes from which source. Instead, the page shows both policies as coming from the same source.
Steps to reproduce
- Create a scan execution policy at the top-level group with a specific name (e.g., "Daily Security Scan")
- Create another scan execution policy (SEP) at the project level with the same name and configuration
- Navigate to the project's Policies page (Settings > Security & Compliance > Policies)
- Observe the list of policies
Example Project
https://gitlab.com/gl-demo-ultimate-khrechyshkina/tickets/zd-597080
What is the current bug behavior?
The Policies page displays both policies as being "inherited from your top-level group" without distinguishing between:
- The policy that is actually inherited from the top-level group
- The policy that is configured at the project level
This makes it impossible for users to identify the source of each policy and manage them effectively.
What is the expected correct behavior?
The Policies page should clearly differentiate between policies from different sources:
- Policies inherited from the group level should be labeled as "Inherited from [group name]"
- Policies configured at the project level should be labeled as "Project policy" or similar
- If policies have the same name but different sources, both the name and source should be clearly displayed
Relevant logs and/or screenshots
Edited by Kate Grechishkina
