Skip to content

Verify DAP permissions are bound to Maintainer and Owner roles

Background

As part of the DAP (Duo Agent Platform) role-based permissions implementation, we need to verify that the four new permissions are properly bound to the correct access levels.

Parent Epic

This work is part of: &19601

Permissions to Verify

Based on the requirements, the following four DAP permissions should be available to Maintainer and Owner roles:

Permission Guest Reporter Developer Maintainer Owner
Configure Duo Agent Platform features
Create and edit agents and flows
Publish agents and flows
Enable agents and flows

Tasks

Investigation

  • Identify if and where these permissions are defined in the codebase
  • Check current role mappings for each permission
  • Verify if permissions exist or need to be created
  • Document current state vs. expected state

Code Locations to Check

  • Permission definitions (likely in app/policies/ or similar)
  • Role mappings and access level checks
  • DAP-related controllers and services
  • AI catalog and agent-related code

Verification Steps

  • Test each permission with different user roles
  • Verify permissions work at both project and group levels (if applicable)
  • Check permissions work on GitLab.com and Self-Managed
  • Ensure permissions integrate with existing Duo settings

Documentation

  • Document current permission implementation
  • Note any gaps between the current state and requirements
  • Create follow-up issues for missing or incorrect permissions

Acceptance Criteria

  • All four DAP permissions are identified in the codebase
  • Permission mappings to Maintainer/Owner roles are verified
  • Any discrepancies between current and expected behavior are documented
  • Follow-up issues are created for any required changes

Related Issues

Labels

groupseat management sectionfulfillment devopsfulfillment Category:Seat Cost Management typemaintenance

Edited by Lukas Wanko