17.7 Govern::Authorization - Planning Issue
This is the groupauthorization planning template for 17.7. This issue is primarily for Cross-functional prioritization and discussion.
Goals and outcomes
Token Permissions: Job Tokens
- The team is laying the foundational work for fine-grained permissions in job tokens that includes ensuring the permissions are enforced when the low privileged token is used.
- Adding the ability to configure the token permissions from the UI.
Admin Custom Role
- The team is setting the groundwork to allow for granular permissions in the Admin Area. This includes implementing a
read_adminpermission, along with the ability to assign a user the admin custom role.
Custom Roles
- We previously rolled out the ability to assign a custom role to a group for group memberships. The team is expanding support for group sharing in project memberships.
Community Contributions
Token Permissions for Job Tokens
---
display: table
fields: title, state, assignee, weight, labels("permissions::job tokens", "priority::1")
---
group = "gitlab-org"
AND opened = true
AND label = ("type::feature", "group::authorization", "priority::1", "permissions::job tokens")
AND label in ("workflow::ready for development", "workflow::in dev")
AND milestone = "17.7"Admin Custom Roles
---
display: table
fields: title, state, assignee, weight, labels("permissions::admin custom roles", "priority::1")
---
group = "gitlab-org"
AND opened = true
AND label = ("type::feature", "group::authorization", "priority::1","permissions::admin custom roles")
AND label in ("workflow::ready for development", "workflow::in dev")
AND milestone = "17.7"Custom Roles
---
display: table
fields: title, state, assignee, weight, labels("permissions::custom roles", "priority::1")
---
group = "gitlab-org"
AND opened = true
AND label = ("type::feature", "group::authorization", "priority::1", "permissions::custom roles")
AND label in ("workflow::ready for development", "workflow::in dev")
AND milestone = "17.7"Refinement
---
display: table
fields: title, state, assignee, weight, labels("permissions::*", "priority::1")
---
group = "gitlab-org"
AND opened = true
AND label = ("group::authorization", "priority::1", "workflow::refinement") Others (Bugs, Security, Performance, etc)
---
display: table
fields: title, state, assignee, weight, labels
---
group = "gitlab-org"
AND opened = true
AND label = ("group::authorization", "priority::1", "type::bug") UX
---
display: table
fields: title, state, assignee, weight, labels("workflow::*")
---
group = "gitlab-org"
AND opened = true
AND label = ("group::authorization", "priority::1")
AND label in ("workflow::ready for design", "workflow::design", "workflow::solution validation")
AND milestone = "17.7"Technical Writing
---
display: table
fields: title, state, assignee, weight, labels
---
group = "gitlab-org"
AND opened = true
AND label = ("group::authorization", "Technical Writing", "priority::1" )
AND milestone = "17.7"Tasks
-
PM: Create issue with the title "X.X Govern::Authorization - Planning Issue" -
PM: Set due date with end of milestone -
PM: Update GLQL with targeted milestone. -
PM: Write goals, deliverables, and community contributions. -
PD: Set priority1 label, weight, and milestone on UX work after scope is determined from UX meeting -
TW: Set priority1 & Technical Writing labels, and milestone -
EM: Confirm there is enough work for engineering by evaluating weights. -
EM: Confirm refined issues have the labels ("priority::1","permissions::") and milestone.
Edited by Joe Randazzo