Add MR approval settings to Compliance Dashboard (#3326) · Epics · GitLab.org

Add MR approval settings to Compliance Dashboard

### Problem to solve Organizations need visibility into the compliance status of their groups and projects. One element of compliance is the concept of "separation of duties". There isn't a single view for an admin or group owner to view the MR approval settings for their projects. ### Intended users * [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sidney-systems-administrator) ### Further details The merge request approval settings are one of the most asked-about features of GitLab. In almost every customer conversation, concerns are raised about the need to set and enforce these settings across an instance or group. Providing an indication that some baseline setting profile is enabled would be helpful for visibility. ### Proposal Add a visual indicator for a project's MR approval settings in the Compliance Dashboard to communicate whether or not the project is adhering to separation of duties. * If `MR authors` are **not** allowed to approve MRs: :white_check_mark: * If `MR committers` are **not** allowed to approve MRs: :white_check_mark: * If `required approvers` is equal to or greater than 2: :white_check_mark: * If all of the above are true: :white_check_mark: * If one of the above is false: :warning: * If none of the above are true: :x: ### Design ![Merge_Requests](/uploads/2ce95f6a41eb238f70a43b54a2ced2f7/Merge_Requests.png) ### Technical implementation plan Step 1. 1. Change the compliance dashboard to a table layout, with headings and each item a new row 2. Move the pipeline status to the new column 3. Update any snapshot tests to confirm it shows as expected Step 2. 1. Update the `MergeRequestComplianceEntity` to output whether each MR meets the above criteria either fully, partially or not at all 2. Update the compliance dashboard to include the new MR approvals column with the outcome of that check using the correct icons 3. Add tests for the `MergeRequestComplianceEntity` to confirm the criteria work 4. Update the compliance dashboard tests to confirm the icons are disabled correctly and we display nothing if we don't know the outcome

epic