Resolve "Spike for ability to disable project integrations for high compliance requirement customers"
Admin settings allowing all integrations. This setting cascades to groups and projects so all integrations are available.
Admin settings with allow-list to enable only certain integrations. This setting cascades to groups and projects.
Admin settings with allow-list to disable all integrations (by not allow-listing any). This setting cascades to groups and projects.
Group can override if the admin settings are not "locked" (this would allow groups on GitLab.com to enforce allow lists of integrations)
Group cannot override the admin settings when the settings are "locked" (this would allow instances to enforce instance-wide settings)
Edited by Luke Duncalfe