Manage protected branch unprotection permissions via admin UI
In tightly controlled environments, like those that have regulatory review requirements, it is critical that only reviewed code reaches master. This can be configured using protected branches by setting 'No one' to have push permissions for
master, but this can be changed by anyone with Owner or Master permissions for the project. These organizations need a mechanism to enforce this rule and prevent it being changed or removed except by an Admin.
Added in %10.7 by https://gitlab.com/gitlab-org/gitlab-ee/issues/4800 protected branch rules can be created via the API using the
unprotect_access_level attribute to restrict who can remove/edit the protected branch rule.
The allowed settings for
- Master (Default)
A user cannot create a rule that they will not be able edit or remove (e.g. a Master cannot create a protected branch rule with
We should make it possible to create protected branch rules with these restrictions using the web interface, not just that API.
Add a interface to allow admins
owners and masters(moved to https://gitlab.com/gitlab-org/gitlab-ee/issues/5742) to add/edit/remove protected branches and set the
Provide feedback to users who do not have permissions to unprotect a specific rule, who does have permissions to change the rule.
Only an Owner can unprotect
Note: Admins should not be create protect branch rules with
admin unprotect_access_level through the project UI (see https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18344/diffs#469c7fb6d642cd0821fcce2eee1f42289cb955bd_18_22)