Review and update security and compliance permissions
What does this MR do?
A recent customer interaction [internal ticket] made me look closer at permissions we have on features under Security and Compliance section of the right sidebar. There are things didn't add up:
-
Threat Monitoring
,On-demand Scans
, andSecurity Configuration
are not present in the table at all. -
View Dependency list
,View License list
- these features are both marked as available for guest/reporter while they are only available starting fromdeveloper
(I tested it on GitLab.com project). If my humble understanding of the codebase is correct, we set these permissions in security_compliance_menu.rb and project_policy.rb
This MR is meant to correct these ^ issues by updating the documentaion.
Related issues
Author's checklist
-
Follow the Documentation Guidelines and Style Guide. -
Ensure that the product tier badge is added to doc's h1
. -
Request a review based on the documentation page's metadata and associated Technical Writer.
To avoid having this MR be added to code verification QA issues, don't add these labels: feature, frontend, backend, ~"bug", or database
Review checklist
Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.
-
If the content requires it, ensure the information is reviewed by a subject matter expert. - Technical writer review items:
-
Ensure docs metadata is present and up-to-date. -
Ensure the appropriate labels are added to this MR. - If relevant to this MR, ensure content topic type principles are in use, including:
-
The headings should be something you'd do a Google search for. Instead of Default behavior
, say something likeDefault behavior when you close an issue
. -
The headings (other than the page title) should be active. Instead of Configuring GDK
, say something likeConfigure GDK
. -
Any task steps should be written as a numbered list. - If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
-
-
-
Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review. -
Ensure a release milestone is set.
Edited by Kate Grechishkina