Skip to content

Grant auditor role read-access to security policies

Dominic Bauer requested to merge 356735-auditor-cannot-see-project-policies into master

Why is this change being made?

Currently, users of auditor type do not have read-only access to security policies. This change rectifies this by adding the missing permission rule.

Related to #356735 (closed)

How to verify

  1. Create a scan result/scan execution policy for some project

  2. Create and sign in a new user of type auditor

  3. Navigate to the project

  4. Observe that the "Policies" navigation element is rendered:

  5. Verify that the previously created policy is listed:

  6. Verify that the auditor user cannot edit, delete or update policies.

Edited by Dominic Bauer

Merge request reports

Loading