Allow reporter+ to read analytics dashboards in groups and projects
What does this MR do and why?
Change user role permissions to read analytics dashboards with the following:
- At project-level downgrade permissions from DEVELOPER+ to REPORTER+ to be consistent with group level
- Fix group-level to allow REPORTER+ access as current docs states
- Use the same policy rule
:read_product_analytics, in GraphQL authorization, this same rule is already being used in frontend, for example, to check if user can see analytics dashboards option in the menu
related to #481525
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
No changes to the UI.
How to set up and validate locally
- Create a group with a project and add a reporter to the group
- Login as reporter
- Go to group Analyze > Analytics Dashboards, you should be able to browse dashboards
- Go to project Analyze > Analytics Dashboards, you should be able to browse dashboards
- Repeat the same steps with a guest, in this case 404 will be rendered.
Edited by Felipe Cardozo