The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
Stage | Govern |
---|---|
Group | Authorization |
Content Last Reviewed | 2024-12-17 |
This is the direction page for the Authorization group in the Software Supply Chain Security stage. The Authorization group is responsible for ensuring that an authenticated user has access to the proper resources within the application. Additionally, the group builds capabilities to detect and prevent malicious activity from occurring within GitLab environments.
Priority | Theme | Target Release |
---|---|---|
1 | Add support for granular token permissions to Job Tokens to allow for fine-grained access in CI/CD workflows. | 18.0 |
2 | Build Admin Custom Role to support granular permissions for the Admin Area to allow organizations to reduce the number of admins on self-managed environments. | 17.10 |
3 | Improve visibility by providing a breakdown of roles and assigned users to allow organizations to identify and reduce overprivileged users. | Deprioritized |
Priority | Name | DRI | Target Release |
---|---|---|---|
1 | Show fine-grained permissions in job token permissions section | hmehra | 17.8 |
2 | Add ability to create/update a project with fine-grained job token permissions | dftian | 17.8 |
3 | Toggle between default and fine-grained (backend) | dftian | 17.8 |
4 | Implement granular read_admin_subscription permission | TBD | 17.8 |
5 | Implement read_admin_users permission | TBD | 17.8 |
6 | Implement granular read_admin_monitoring permission | TBD | 17.8 |
7 | Assign custom role when sharing a group to a 'project' | eugielimpin | 17.8 |
8 | Confidential | hmehra | 17.8 |
9 | Pre-selected permissions based on base default role | imand3r | 17.8 |
10 | Custom Admin Role - Security testing | TBD | 17.9 |
The UX department has performed a JTBD Canvas for Authorization, which can be found on this epic and Figma file.
The main jobs for users related to Authorization capabilities include:
Main Job | Outcomes |
---|---|
Provision access rights | Minimize productivity loss coming from users' lack of access to resources they need to do their job. Minimize security risk and data breaches coming from bad actors. Reduce manual work when managing users' roles and access to resources. |
Maintain access policies | Minimize security risk and data breaches coming from bad actors. Increase compliance in industry-related audits (e.g. SOC II). Standardize the organization's user and resource permission management across all software and applications. |
Gain access rights | Decrease time spent on gaining access rights. Increase productivity. Increase team collaboration. |