Feature Flag Environment Permissions together with User IDs
Problem to solve
Now that we introduced Feature flags based on user ID and Feature flags based on environments, we need to combine the permissions in order for a user to be able to enable users only on the environments that he/she has permissions to.
For the first iteration, we disabled the User ID Input if you don't have permissions for all the environments shown, similar to how the feature flag name and description is disabled in the same situation.
- Developers who have environment permissions
- QA engineers who wish to enable/disable flags for specific users (application users - non-GitLab)
- Release managers who deploy to specific users (application users - non-GitLab)
Permissions need to be definable on a per-environment basis. For example, review apps may be a free for all, stage may be controlled to developers-only (generally wide access but not everyone), and production/performance environments may be restricted to just a handful of specific people - not even a role like maintainer may be granular enough for an environment like that. We must follow suit when enabling specific users to environments. This can be used to deploy "test versions" to specific customers before GA release. It can be used to allow "sneak peeks" to selected customers before deployment.
The permission to set user ID in a specific environment should be the same permissions as the environment. Meaning if I have access to staging but not production, I shouldn't be able to enable features in production to specific users.
Permissions and Security
What does success look like, and how can we measure that?
number of times someone modified the user id list for feature flags in a specific environment