Update/Delete Group Secret Permissions
Feature
Manage access control for group secrets
Scope
- Extend `UserJwt` to include group context for management operations
- `Permissions::UpdateService` - grant/revoke permissions for users/roles/groups
- `Permissions::DeleteService` - remove all permissions for a principal
- `Permissions::ListService` - retrieve all permissions for a group
- Support for User, Role, MemberRole, and Group principals
- CEL-based authentication similar to project secrets
- GraphQL mutations: `groupSecretPermissionUpdate`, `groupSecretPermissionDelete`
- GraphQL queries: `group.secretPermissions { ... }`
- GraphQL types: `GroupSecretPermissionType`
Implementation table
| header | header |
|---|---|
| backend | |
| frontend | #577462 |
Can be split into separate MRs
- MR 1: Update permission mutation (services + GraphQL)
- MR 2: Delete permission mutation (services + GraphQL)
- MR 3: List permissions query (service + GraphQL)
Deliverable
Group owners can control who can manage group secrets (create, read, update, delete)
Dependencies
Notes
- Provides parity with project secret permissions
- Required for production use
- Follows same patterns as project-level permissions
Related to &17904
Edited by 🤖 GitLab Bot 🤖