Skip to content

Update permissions for protected branches

What does this MR do and why?

This MR addresses #394962 (closed)

GET operations for protected branches API currently require admin_project permissions, which makes it impossible for users with Developer role to assign branches to new scan result security policies.

This MR updates the permissions for listing of protected branches to require a lower permission - read_code. This allows fetching of the branches from security policies page.

Screenshots or screen recordings

No visual changes.

Before After
image image

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Impersonate a user with Developer role
  2. Navigate to Security & Compliance > Policies where a security policy project has already been created and linked to the development project.
  3. Create a new scan result policy
  4. Select License scanning in the policy rule
  5. Observe the protected branches being listed in the branches dropdown

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Martin Čavoj

Merge request reports

Loading