Allow creation of group-level custom-roles on self-managed instances
What does this MR do and why?
- In 16.8, creating group-level custom role creating on a self-managed instance results in an error.
In this MR:
- Introduce beta feature-flag,
restrict_member_roles
, which is disabled by default. - When it's off, admins can create group-level and instance-level custom roles when on a self-managed instance.
- When it's on, admins can only create instance-level custom roles on a self-managed instance.
- When on SaaS mode, only group-level roles can be created.
- Merged to Gitlab.com - !142637 (merged) + !141798 (merged)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch. -
The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes). -
This MR has a severity label assigned (if applicable). -
Set the milestone of the merge request to match the target backport branch version. -
This MR has been approved by a maintainer (only one approval is required). -
Ensure the e2e:package-and-test-ee
job has either succeeded or been approved by a Software Engineer in Test.
Note to the merge request author and maintainer
If you have questions about the patch release process, please:
- Refer to the patch release runbook for engineers and maintainers for guidance.
- Ask questions on the
#releases
Slack channel (internal only).
Edited by Hinam Mehra