Review and update security and compliance permissions

What does this MR do?

A recent customer interaction [internal ticket] made me look closer at the permissions we have on features under the Security and Compliance section of the right sidebar. There are things that didn't add up:

  • Threat Monitoring, On-demand Scans, and Security Configuration are not present in the table at all.
  • View Dependency list, View License list - these features are both marked as available for guest/reporter while they are only available starting from developer (I tested it on a GitLab.com project). If my humble understanding of the codebase is correct, we set these permissions in security_compliance_menu.rb and project_policy.rb.

This MR is meant to correct these ^ issues by updating the documentation.

Related issues

Author's checklist

To avoid having this MR be added to code verification QA issues, don't add these labels: feature, frontend, backend, ~"bug", or database

Review checklist

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

  • If the content requires it, ensure the information is reviewed by a subject matter expert.
  • Technical writer review items:
    • Ensure docs metadata is present and up-to-date.
    • Ensure the appropriate labels are added to this MR.
    • If relevant to this MR, ensure content topic type principles are in use, including:
      • The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
      • The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
      • Any task steps should be written as a numbered list.
      • If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
  • Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review.
  • Ensure a release milestone is set.
Edited by Kate Grechishkina
