Add groups to bypass options for merge request approval policy
What does this MR do and why?
Update yaml with roles
When groups updated it would update policy yaml for bypass options
This merge request adds functionality to allow selecting groups as exceptions in a security policy editor. The changes implement a new groups selector component that lets users choose which groups can bypass a security policy, similar to existing functionality for user accounts and tokens.
The main additions include:
- A new groups selector interface with a dropdown to search and select groups
- Integration with the existing policy exceptions modal to handle group selections
- Proper data handling to convert between different ID formats (GraphQL vs regular IDs)
- Form validation and user interface improvements with labels and descriptions
- Comprehensive test coverage for the new functionality
The implementation reuses existing dropdown components and follows the same patterns as other exception types (accounts, tokens, etc.). Users can now specify groups that should be exempt from security policy enforcement, giving administrators more granular control over policy application across their organization.
References
Screenshots or screen recordings
| Description | UI |
|---|---|
| Groups selector | Screen Recording 2025-07-23 at 17.03.49.mov |
How to set up and validate locally
Enable feature flag:
Feature.enable(:security_policies_bypass_options)
Feature.enable(:security_policies_bypass_options_group_roles)- Secure -> Policies
- New merge request approval policy
- Open Advanced settings
- Click add exception button
- Select
groupsoption - Only linked to same SPP groups are loaded
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #548610 (closed)