# SAST False Positive Detection - Add permission for the AppSec Team to enable FP detection
## TL;DR

Extend the Security Manager permission model so that Security Managers can toggle the SAST False Positive Detection setting at the project level without needing the Maintainer or Owner role. We want to replicate the same pattern established for SAST VR (https://gitlab.com/groups/gitlab-org/-/work_items/21971 and https://gitlab.com/gitlab-org/gitlab/-/merge_requests/239266).

## Scope

### In Scope

* Extend the `update_sec_ai_workflow_settings` permission to cover the `duo_sast_fp_detection_enabled` setting

### Out of Scope

* Secret Detection False Positive Detection (`duo_secret_detection_fp_enabled`)
* Group/subgroup/organization/instance level configuration (covered by [&21766](https://gitlab.com/groups/gitlab-org/-/work_items/21766))
* Custom roles support for the permission
* Changes to the Vulnerability Details page FP detection action button
* New permissions or roles beyond what was established for SAST VR
* Redesigning the GitLab role model

## Phase

This is Iteration 2 of the parent epic, following the SAST VR permission work completed in Iteration 1.

**Epic Phase:** Phase 2

**Parent Epic:** https://gitlab.com/groups/gitlab-org/-/work_items/21725+s

## Problem Statement

Security Managers can now toggle SAST Vulnerability Resolution settings (per [&21971](https://gitlab.com/groups/gitlab-org/-/work_items/21971)), but they still cannot enable or disable SAST False Positive Detection without Maintainer/Owner access. With this epic we are creating the permission that lets them do this.
## Proposed Approach

Replicate the exact pattern established in [gitlab!239266](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/239266):

## Feature Flag

- [X] Required

**Flag name:** `update_false_positive_setting_permission`

**Default state:** Enabled / Disabled

**Rollout plan:** Optional gradual rollout details.

## Success Criteria

Define outcomes that prove this deliverable is complete.

- [ ] Criterion 1
- [ ] Criterion 2

## Dependencies

- Blocked by: #issue
- Blocks: #issue

## Implementation Notes

Keep this updated as work progresses.

## Open Questions

| Question | Owner | Status |
|----------|-------|--------|

## Resources

- Design: [link]
- Documentation: [link]
- Relevant issues, discussions etc.
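To make the intended permission split concrete, here is a small self-contained model of the check this issue asks for. It is an added example, not GitLab's own policy code (GitLab implements abilities with DeclarativePolicy classes, which are not reproduced here): a project-level setting update is gated on `update_sec_ai_workflow_settings` only for `duo_sast_fp_detection_enabled`, and only while the `update_false_positive_setting_permission` flag is on; everything else, including the out-of-scope `duo_secret_detection_fp_enabled`, still requires the Maintainer+ ability, which is named `admin_project` here as an assumption. The `security_manager` attribute on the user and the `ROLE_RANK` table are likewise simplifications for the example.

```ruby
# Hypothetical model of the permission split described in this issue.
# Not GitLab's code: roles and abilities are reduced to plain Ruby so it runs offline.

# Assumed ordering of the standard roles; Maintainer and above hold admin_project.
ROLE_RANK = { guest: 10, reporter: 20, developer: 30, maintainer: 40, owner: 50 }.freeze

# security_manager models the Security Manager role as a boolean for the example.
User = Struct.new(:role, :security_manager, keyword_init: true)
Project = Struct.new(:settings, keyword_init: true)

# Ability check. admin_project is the assumed name of the Maintainer+ ability.
def can?(user, ability)
  case ability
  when :admin_project
    ROLE_RANK.fetch(user.role) >= ROLE_RANK[:maintainer]
  when :update_sec_ai_workflow_settings
    # Security Managers hold the narrower ability; Maintainer+ inherits it.
    user.security_manager == true || can?(user, :admin_project)
  else
    false
  end
end

# Which ability a given setting requires. Only the SAST FP setting moves to the
# narrower ability, and only when the feature flag from this issue is enabled.
def required_ability(setting, flags: {})
  if setting == :duo_sast_fp_detection_enabled &&
     flags.fetch(:update_false_positive_setting_permission, false)
    :update_sec_ai_workflow_settings
  else
    :admin_project # includes duo_secret_detection_fp_enabled, which is out of scope
  end
end

# Toggle a project setting after the authorization check.
# Returns [:ok, new_value] or [:forbidden, missing_ability].
def update_setting(project, user, setting, value, flags: {})
  raise ArgumentError, "unknown setting #{setting}" unless project.settings.key?(setting)

  ability = required_ability(setting, flags: flags)
  return [:forbidden, ability] unless can?(user, ability)

  project.settings[setting] = value
  [:ok, project.settings[setting]]
end
```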