gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Bot <gitlab-bot@gitlab.com>, 2020-01-24 18:09:00 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com>, 2020-01-24 18:09:00 +0300
commit: c282dba898a4cb0645f88579339502a4e3778727
tree: 94a6457ce4438e085c9ae43bc51a2b5a29787bf2 /doc/development/permissions.md
parent: 2c2dd5e36c4ed5f09f488be288882d98f9124d12
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/development/permissions.md')
-rw-r--r-- doc/development/permissions.md | 39
1 files changed, 39 insertions, 0 deletions
diff --git a/doc/development/permissions.md b/doc/development/permissions.md
index 5d409c9461e..9e67079d1bc 100644
--- a/doc/development/permissions.md
+++ b/doc/development/permissions.md
@@ -61,3 +61,42 @@ is stored in the `project_authorizations` table.
Confidential issues can be accessed only by project members who are at least
reporters (they can't be accessed by guests). Additionally they can be accessed
by their authors and assignees.
+
+### Licensed features
+
+Some features can be accessed only if the user has the correct license plan.
+
+## Permission dependencies
+
+Feature policies can be quite complex and consist of multiple rules.
+Quite often, one permission can be based on another.
+
+Designing good permissions means reusing existing permissions as much as possible
+and making access to features granular.
+
+In the case of a complex resource, it should be broken into smaller pieces of information
+and each piece should be granted a different permission.
+
+A good example in this case is the _Merge Request widget_ and the _Security reports_.
+Depending on the visibility level of the _Pipelines_, the _Security reports_ will be either visible
+in the widget or not. So, the _Merge Request widget_, the _Pipelines_, and the _Security reports_,
+have separate permissions. Moreover, the permissions for the _Merge Request widget_
+and the _Pipelines_ are dependencies of the _Security reports_.
+
+### Permission dependencies of Secure features
+
+Secure features have complex permissions since these features are integrated
+into different features like Merge Requests and CI flow.
+
+ Here is a list of some permission dependencies.
+
+| Activity level | Resource | Locations |Permission dependency|
+|----------------|----------|-----------|-----|
+| View | License information | Dependency list, License Compliance | Can view repo |
+| View | Dependency information | Dependency list, License Compliance | Can view repo |
+| View | Vulnerabilities information | Dependency list | Can view security findings |
+| View | Black/Whitelisted licenses for the project | License Compliance, Merge request | Can view repo |
+| View | Security findings | Merge Request, CI job page, Pipeline security tab | Can read the project and CI jobs |
+| View | Vulnerability feedback | Merge Request | Can read security findings |
+| View | Dependency List page | Project | Can access Dependency information |
+| View | License Compliance page | Project | Can access License information|
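Review bot: The table at the end of the hunk words the same dependency two ways, "Can view security findings" in the Vulnerabilities information row and "Can read security findings" in the Vulnerability feedback row, so a reader cannot tell whether these are one permission or two. Pick one verb and, where a policy ability backs a row, name that ability in backticks so each dependency can be traced to the check in code. The "Activity level" column is "View" in every row; drop it or say which other levels are planned. The "### Licensed features" section is a single sentence directly after the confidential issues paragraph and does not say how the license check relates to the permission rules described under "Permission dependencies"; expand it or fold it into that section. Minor: the line "Here is a list of some permission dependencies." has a stray leading space, and the "Permission dependency" header cell and the last "Can access License information" cell lack the padding used by the other cells.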