Suggested Solution - Settings permissions - Frontend
In gitlab.com/gitlab-org/gitlab/-/issues/216026, we have created a new settings section in Security & Compliance > Configuration. The new section lets authorized users toggle auto-fix settings for all or some scan types.
Currently, the settings can be toggled by anyone who has access to the Security & Compliance > Configuration page (= `Developer+`).
After some discussions, we have decided to review those permissions as follows:
- `Developer+` will be able to see the settings, but they won't be authorized to toggle them (the inputs will be disabled).
- `Maintainer+` will be able to both view and toggle the settings.
The frontend will be notified of the permissions via the `can_toggle_auto_fix_settings` prop.
The backend work is being done in !32783 (merged).
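
An added example (not GitLab's code) of how a frontend could consume `can_toggle_auto_fix_settings` so that it fails closed, next to a stand-in for the server-side role check that remains the actual control. It assumes the value arrives as a DOM data attribute string; every function name, the scan type names and the role table are constructed for illustration.

```javascript
// Added example. Only can_toggle_auto_fix_settings comes from the issue;
// all other names here are hypothetical.

// Values read from a DOM dataset are strings, and the string "false" is truthy.
// Accept only an explicit true so that a missing or malformed value fails closed.
function parseCanToggle(raw) {
  return raw === true || raw === 'true';
}

// Build the view state for the auto-fix inputs from the mount element's dataset
// (assumed attribute: data-can-toggle-auto-fix-settings).
function buildAutoFixViewState(dataset, settings) {
  const canToggle = parseCanToggle(dataset.canToggleAutoFixSettings);
  return Object.entries(settings).map(([scanType, enabled]) => ({
    scanType,
    checked: Boolean(enabled),
    disabled: !canToggle, // Developer+: visible but not editable
  }));
}

// Change handler: never send an update for a disabled input, even if the
// `disabled` attribute was stripped in the browser's dev tools.
function onToggle(viewState, scanType, sendUpdate) {
  const input = viewState.find((i) => i.scanType === scanType);
  if (!input || input.disabled) return false;
  input.checked = !input.checked;
  sendUpdate({ scanType, enabled: input.checked });
  return true;
}

// Stand-in for the backend: the role check on the server is what enforces
// the permission; the disabled inputs are presentation only.
const ROLE_RANK = { reporter: 20, developer: 30, maintainer: 40 };
function serverUpdateSetting(role, update, store) {
  if ((ROLE_RANK[role] || 0) < ROLE_RANK.maintainer) return { status: 403 };
  store[update.scanType] = update.enabled;
  return { status: 200 };
}
```

The disabled state only shapes what the user sees; a request crafted outside the UI reaches the server regardless, which is why the update endpoint has to apply the same Maintainer+ rule.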