Update permissions for protected branches (!115495) · Merge requests · GitLab.org / GitLab

Martin Čavoj requested to merge 394962-protected-branches-not-properly-fetched-in-security-policies-page into master Mar 22, 2023

What does this MR do and why?

This MR addresses #394962 (closed)

GET operations for protected branches API currently require admin_project permissions, which makes it impossible for users with Developer role to assign branches to new scan result security policies.

This MR updates the permissions for listing of protected branches to require a lower permission - read_code. This allows fetching of the branches from security policies page.

Screenshots or screen recordings

No visual changes.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Impersonate a user with Developer role
Navigate to Security & Compliance > Policies where a security policy project has already been created and linked to the development project.
Create a new scan result policy
Select License scanning in the policy rule
Observe the protected branches being listed in the branches dropdown

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Mar 22, 2023 by Martin Čavoj

Update permissions for protected branches

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports