Skip to content

Requre Admin Mode for cross-organization data access

Rutger Wesselsrequested to merge
569401-policy-change-org-follow-up into master

What does this MR do and why?

Replace check for admin: it will now the outcome of the :admin condition. This means that for cross-organization data access, we need an Instance Admin and Admin Mode to be enabled.

I tried using rule { ~in_current_organization & ~admin }.prevent_all but that caused failures in other policies.

References

Related to #569401

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Rutger Wessels

Merge request reports