
Disable self-approval at the Instance level

Problem to solve

Compliance-minded organizations rely on specific controls within GitLab to adhere to internal company policies and legal or regulatory compliance frameworks. An issue encountered by Administrators of a GitLab instance is that an Owner can modify the merge request approvals settings for a project they own, enabling them to push code into production and then re-enable the merge request approvals settings. This creates a gap in the separation of duties and access control policies of an organization and introduces risk to a production environment.

Further details

To ensure that a merge request is reviewed by at least two people other than its author and committers, two settings exist:

  • Prevent approval of merge requests by merge request author
  • Prevent approval of merge requests by merge request committers

However, a maintainer or owner can change these settings. This makes it possible to bypass the restriction even in secure environments where it must apply to every project without exception.

This MVC should focus only on implementing instance-level settings and follow with an iterative addition to control these settings at the group level.

Proposal

Introduce settings at the instance level, in Rules (formerly Push Rules) under Merge request approvals, to restrict the three most important merge request approvals settings at the project level:

  • Prevent approval of merge requests by merge request author
  • Prevent approval of merge requests by merge request committers
  • Approvers List
    • This would restrict all action items such as "Edit", "Delete", or "Add"
    • This would restrict "Can override approvers and approvals required per merge request"

At the Project level, these settings should only be editable by Administrators, but still be visible to non-admins for information purposes.

Admin Panel View (screenshot Screen_Shot_2019-12-20_at_10.01.28_AM): checkboxes (OFF by default) that an Administrator can select to restrict specific MR approval settings across all Projects.

Project-level View (screenshot Screen_Shot_2020-01-15_at_6.43.23_AM): the project-level MR approvals settings section changes to read-only for the settings selected by the Administrator.

If the restriction is enabled at the instance level, only an admin may override the setting at the group or project level.
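The override semantics described above can be modelled as a small policy object. The Ruby below is an added illustration written for this page, not GitLab's own code: the struct fields, the `ApprovalSettingsPolicy` class and the `:admin`/`:owner`/`:maintainer` role symbols are assumptions made for the example. It shows the two behaviours the proposal asks for: a locked setting reads as the instance value regardless of what the project stores, and only an administrator can change a locked setting, while unlocked settings remain editable by owners and maintainers.

```ruby
# Added example (not GitLab's code): a minimal model of instance-level locks
# on project merge request approval settings.

# Instance-level settings: the value for each control plus a lock flag.
InstanceSettings = Struct.new(
  :prevent_author_approval,    # instance value for the control
  :prevent_committer_approval,
  :lock_author_approval,       # true => projects cannot relax the control
  :lock_committer_approval,
  keyword_init: true
)

# Project-level settings: what an Owner would normally edit.
ProjectSettings = Struct.new(
  :prevent_author_approval,
  :prevent_committer_approval,
  keyword_init: true
)

# Role symbols are an assumption of this example.
User = Struct.new(:name, :role, keyword_init: true)

class ApprovalSettingsPolicy
  # Maps each project-level control to the instance-level flag that locks it.
  LOCKABLE = {
    prevent_author_approval: :lock_author_approval,
    prevent_committer_approval: :lock_committer_approval
  }.freeze

  def initialize(instance:)
    @instance = instance
  end

  def locked?(setting)
    @instance[LOCKABLE.fetch(setting)]
  end

  # Effective value: an instance lock wins over whatever the project stores,
  # so a value relaxed before the lock was enabled cannot stay in force.
  def effective(project, setting)
    locked?(setting) ? @instance[setting] : project[setting]
  end

  # Administrators may always edit; owners and maintainers only when the
  # control is not locked at the instance level.
  def can_edit?(user, setting)
    return true if user.role == :admin

    !locked?(setting) && %i[owner maintainer].include?(user.role)
  end

  # Returns [success, settings]; the original settings are never mutated.
  def update(user, project, setting, value)
    return [false, project] unless can_edit?(user, setting)

    updated = project.dup
    updated[setting] = value
    [true, updated]
  end

  # What the project settings page should render: value plus read-only flag.
  def view(project)
    LOCKABLE.keys.to_h do |setting|
      [setting, { value: effective(project, setting), readonly: locked?(setting) }]
    end
  end
end

# Constructed scenario: author approval is locked instance-wide, committer
# approval is not. An owner tries to relax both; an admin relaxes the locked one.
def demo
  instance = InstanceSettings.new(
    prevent_author_approval: true, prevent_committer_approval: true,
    lock_author_approval: true, lock_committer_approval: false
  )
  policy = ApprovalSettingsPolicy.new(instance: instance)
  owner = User.new(name: "owner", role: :owner)
  admin = User.new(name: "admin", role: :admin)
  project = ProjectSettings.new(prevent_author_approval: true, prevent_committer_approval: true)

  owner_locked, project = policy.update(owner, project, :prevent_author_approval, false)
  owner_unlocked, project = policy.update(owner, project, :prevent_committer_approval, false)
  admin_locked, project = policy.update(admin, project, :prevent_author_approval, false)

  {
    owner_locked: owner_locked,       # false: refused
    owner_unlocked: owner_unlocked,   # true: allowed
    admin_locked: admin_locked,       # true: allowed
    view: policy.view(project)
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Note that `view` reports the effective value for a locked control even after the admin stored `false` on the project: the lock keeps the instance value in force until an admin clears the lock itself, which is the "only an admin may override" rule in practice.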

Links / references

Edited by Matt Gonzales (ex-GitLab)