Add admin compliance framework custom permission

What does this MR do and why?

It adds a new custom permission, admin compliance framework.

• it adds a custom ability YAML file created by running ./ee/bin/custom-ability -d "Allows admin of compliance framework." -c compliance_management -p -i "#411502" admin_compliance_framework
• the migration was generated by running rails g gitlab:custom_roles:code --ability admin_compliance_framework
• the documentation was generated by running bundle exec rake gitlab:custom_roles:compile_docs

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

1. Log in with a user who has a guest role in a group
2. Make sure you can't access compliance-related views / endpoints (see below)
3. Create a new custom permission enabling managing admin compliance framework - on self-managed in the admin UI (http://gdk.test:3000/admin/application_settings/roles_and_permissions), on SaaS in the group settings (eg. http://gdk.test:3000/groups/flightjs/-/settings/roles_and_permissions)
4. Assign this custom role to the guest user (on group members page, eg. http://gdk.test:3000/groups/flightjs/-/group_members)
5. Now test the compliance-related views / endpoints again, they now should be accessible and work as expected

Compliance-related views & endpoints

Group

• Menu item Settings - General should be accessible
• Only section Compliance frameworks should be visible there
• And it should be possible to view, edit, and add compliance frameworks

Project

• Menu item Settings - General should be accessible
• Only section Compliance framework should be visible there
• And it should be possible to change the project compliance framework
• GraphQL mutation, example:

mutation {
  projectSetComplianceFramework(input: { 
    projectId: "gid://gitlab/Project/7",
    complianceFrameworkId: "gid://gitlab/ComplianceManagement::Framework/4"
  }) {
    project {
      id
    }
  }
}

Related to #411502 (closed)

changed milestone to %16.9

added Category:Permissions auto-report backend customer devopsgovern documentation groupauthorization priority1 sectionsec typefeature workflowin dev labels

assigned to @jarka

changed title from Generate ability YAML file to Add admin compliance framework as a custom permission

added database databasereview pending labels

	3 Warnings
	dca62448: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines.
	dca62448: The commit subject must start with a capital letter. For more information, take a look at our Commit message guidelines.
	a60420f5: The commit body should not contain more than 72 characters per line. For more information, take a look at our Commit message guidelines.

	1 Message
	This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge.

Documentation review

The following files require a review from a technical writer:

• doc/api/graphql/reference/index.md (Link to current live version)
• doc/user/custom_roles/abilities.md (Link to current live version)

The review does not need to block merging this merge request. See the:

• Metadata for the *.md files that you've changed. The first few lines of each *.md file identify the stage and group most closely associated with your docs change.
• The Technical Writer assigned for that stage and group.
• Documentation workflows for information on when to assign a merge request for review.

Reviewer roulette

Category	Reviewer	Maintainer
backend	@mokhax (UTC-6, 8 hours behind author)	@jtapiab (UTC-4, 6 hours behind author)
frontend	@marina.mosti (UTC+2, same timezone as author)	@slashmanov (UTC+4, 2 hours ahead of author)
groupauthorization	Reviewer review is optional for groupauthorization	@mokhax (UTC-6, 8 hours behind author)

Please check reviewer's status!

• Reviewer is available!
• Reviewer is unavailable!

Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

changed the description

E2E Test Result Summary

allure-report-publisher generated test report!

e2e-test-on-gdk: test report for 22f421a6

expand test summary

+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Govern      | 66     | 0      | 0       | 0     | 66    | ✅     |
| Data Stores | 31     | 0      | 0       | 0     | 31    | ✅     |
| Create      | 87     | 0      | 9       | 0     | 96    | ✅     |
| Plan        | 51     | 0      | 2       | 0     | 53    | ✅     |
| Verify      | 35     | 0      | 1       | 0     | 36    | ✅     |
| Monitor     | 7      | 0      | 0       | 0     | 7     | ✅     |
| Package     | 24     | 0      | 6       | 0     | 30    | ✅     |
| Analytics   | 2      | 0      | 0       | 0     | 2     | ✅     |
| Release     | 5      | 0      | 0       | 0     | 5     | ✅     |
| Manage      | 0      | 0      | 1       | 0     | 1     | ➖     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 308    | 0      | 19      | 0     | 327   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+

e2e-package-and-test: test report for 22f421a6

expand test summary

+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Govern      | 300    | 0      | 13      | 5     | 313   | ✅     |
| Create      | 182    | 0      | 21      | 2     | 203   | ✅     |
| Plan        | 44     | 0      | 4       | 0     | 48    | ✅     |
| Verify      | 18     | 0      | 0       | 0     | 18    | ✅     |
| Data Stores | 22     | 0      | 0       | 0     | 22    | ✅     |
| Package     | 6      | 0      | 8       | 0     | 14    | ✅     |
| Monitor     | 8      | 0      | 0       | 0     | 8     | ✅     |
| Release     | 2      | 0      | 0       | 0     | 2     | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 582    | 0      | 46      | 7     | 628   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+

changed the description

changed the description

added 1 commit

• 6ba31d97 - Generate migration and request spec

Compare with previous version

changed title from Add admin compliance framework as a custom permission to Add base for admin compliance framework custom permission

changed milestone to %16.10

added missed:16.9 label

added 2815 commits

• 6ba31d97...96e85d37 - 2812 commits from branch master
• c204f84c - Generate ability YAML file
• 233b49a4 - Generate migration and request spec
• 08a906cb - Add admin admin compliance framework as custom ability

Compare with previous version

changed title from Add base for admin compliance framework custom permission to Add admin compliance framework custom permission

changed the description

added frontend label

Bundle size analysis [beta]

This compares changes in bundle size for entry points between the commits 58909b24 and 2f0c538b

Special assets

Entrypoint / Name	Size before	Size after	Diff	Diff in percent
average	4.24 MB	4.24 MB	-	0.0 %
mainChunk	3.22 MB	3.22 MB	-	0.0 %

---

Note: We do not have exact data for 58909b24. So we have used data from: a46bcdd6.
The target commit was too new, so we used the latest commit from master we have info on.
It might help to rerun the bundle-size-review job
This might mean that you have a few false positives in this report. If something unrelated to your code changes is reported, you can check this comparison in order to see if they caused this change.

Please look at the full report for more details

---

Read more about how this report works.

Generated by Danger