Draft: Add DAP Minimum Role Selection Component to Settings

Angelo Gulinarequested to merge
ag/578934-create-dap-permission-settings-component-002 into master

What does this MR do and why?

This code change adds a new AI role permissions feature to GitLab's AI settings interface. The main changes include:

New Component: A new "AI Role Permissions" component is added that allows administrators to control who can use different types of AI features based on their role level (like Guest, Reporter, Developer, etc.).

Two Permission Types: The feature introduces two distinct permission controls:

  • "Execute" - for AI features that run locally without using CI/CD resources
  • "Execute Async" - for AI workflows that run through CI/CD pipelines

Feature Flags: The functionality is controlled by feature flags that work differently for SaaS (cloud) vs self-managed GitLab instances, ensuring the feature can be gradually rolled out.

Integration: The new permissions component is integrated into the existing AI settings form, appearing when the appropriate feature flags are enabled. It tracks changes to permission levels and enables the save button when modifications are made.

Role Options: Different role levels are available for each permission type - local execution allows lower roles (starting from Guest) while async execution requires higher roles (starting from Developer).

The change essentially gives administrators fine-grained control over which users can access different AI capabilities based on their project role, helping organizations manage AI feature usage according to their security and resource policies.

See conversation (internal note).

Note: consider the new UI, with the split Execute permissions. (Older screenshots have not been updated.)
Screenshot_2025-12-09_at_14.48.32

References

Screenshots or screen recordings

dap_group_customizable_permissions: enabled Screenshot_2025-12-01_at_11.46.34
dap_group_customizable_permissions: disabled Screenshot_2025-12-01_at_11.47.13
dap_instance_customizable_permissions: enabled Screenshot_2025-12-01_at_11.48.37
dap_instance_customizable_permissions: disabled Screenshot_2025-12-01_at_11.49.35

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Angelo Gulina

Merge request reports