Allow maintainers to fetch secrets permissions list (!207042) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Maintainers should be able to view permissions, but not take action (they cannot create or delete). Generally, all Maintainers have access the settings page (Settings > General > Visibility, project features, permissions) even though we only allow Owners to be able to take action on secrets manager settings.

This MR introduces a new project policy to allow maintainers to read permissions.

References

Screenshots or screen recordings

Before	After

How to set up and validate locally

Setup

Upload an Premium or Ultimate license.
Set up openbao on your gdk.
Enable the secrets manager on gdk.

Verification

Go to your project settings (Settings > General) and expand Visibility, project features, permissions to view the permissions table.
Maintainers should be able to view the permissions settings but the UI for creating or deleting permissions should be hidden.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Oct 01, 2025 by Dmytro Biryukov

Allow maintainers to fetch secrets permissions list

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports