Add class for configurable role based DAP permission checks (!213432) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

This change adds the core mechanism that will be used to enforce DAP role-based permission checks for execute, manage, and enable actions.

This iteration: implements the mechanism that will be used to verify that the user meets the configured role-based permission to execute agents/flows within a project.

For GitLab.com, it checks AI settings at the top-level group. For self-managed instances, it uses instance AI settings. If no custom minimum is set, it defaults to requiring Developer+ role.

Example usage: !213767

References

Role-based permissions DAP - Execute permission (#578556 - closed)

Screenshots or screen recordings

Before	After

How to set up and validate locally

Green pipeline 🟢

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Nov 21, 2025 by Katherine Richards

Add class for configurable role based DAP permission checks

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports