Update permissions for protected branches
requested to merge 394962-protected-branches-not-properly-fetched-in-security-policies-page into master
What does this MR do and why?
This MR addresses #394962 (closed)
GET
operations for protected branches API currently require admin_project
permissions, which makes it impossible for users with Developer
role to assign branches to new scan result security policies.
This MR updates the permissions for listing of protected branches to require a lower permission - read_code
. This allows fetching of the branches from security policies page.
Screenshots or screen recordings
No visual changes.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Impersonate a user with
Developer
role - Navigate to
Security & Compliance
>Policies
where a security policy project has already been created and linked to the development project. - Create a new scan result policy
- Select
License scanning
in the policy rule - Observe the protected branches being listed in the branches dropdown
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Martin Čavoj