Audit event for Minimal Access role assignment due to seat limits

Sandra Torequested to merge
580432-audit-events-minimum-access-role into master

What does this MR do and why?

Adds a new audit event (group_minimal_access_role_adjusted_seat_limit) that is recorded whenever a user is automatically assigned the Minimal Access (MA) role because no billable seats are available and Restricted Access (RA) is enabled.

References

  1. Users with Minimal Access
  2. Restricted Access:
    1. GitLab.com
    2. Self-Managed
  3. Audit events

Screenshots or screen recordings

Instance Audit Screenshot
GitLab.com image
Self-Manged image

How to set up and validate locally

  1. Enable feature flag in Rails console 
    Feature.enable(:bso_minimal_access_fallback)
  2. Enable Restricted Access (RA) on web - see documentation in references
  3. Trigger service call in Rails console 
    group = Group.last
member = group.all_group_members.last

include GitlabSubscriptions::MemberManagement::SeatAwareProvisioning
audit_minimal_access_role_adjustment(group, member, Gitlab::Access::DEVELOPER)
  4. See audit event at
    1. GitLab.com: http://localhost:3000/groups/<group-path>/-/audit_events
    2. Self-managed: http://localhost:3000/admin/audit_logs

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #580432

Edited by Sandra To

Merge request reports