Skip to content

Bind vulnerability_feedback* to custom role permissions

mo khan requested to merge mokhax/412693/vulnerability-feedback-permissions into master

What does this MR do and why?

In %17.0 we are introducing a breaking change that removes the ability to change the state of a vulnerability away from the Developer role. This change will allow organizations to maintain a separate role for these privileges via a custom role. To accommodate the upcoming change this MR decouples the vulnerability_feedback_* abilities away from the Developer role and binds it to the read_vulnerability and admin_vulnerability abilities. The Developer role will maintain the admin_vulnerability permission until %17.0. The work in this MR is a continuation of the work started in !134579 (merged).

#412693 (closed)

Screenshots or screen recordings

Maintainer Developer
image image
image image

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by mo khan

Merge request reports

Loading