diff --git a/app/validators/json_schemas/member_role_permissions.json b/app/validators/json_schemas/member_role_permissions.json
index 92efa0f0f5583f4e6026ec2cfeb37dd68f0c1f74..7bb060fc379291f24d527a1eb2a6b2bfc5096e21 100644
--- a/app/validators/json_schemas/member_role_permissions.json
+++ b/app/validators/json_schemas/member_role_permissions.json
@@ -64,6 +64,9 @@
"read_admin_dashboard": {
"type": "boolean"
},
+ "read_admin_monitoring": {
+ "type": "boolean"
+ },
"read_code": {
"type": "boolean"
},
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 2ed172aee518b52b7b727a9cd8e973078ffe8d3c..6419aaa7586d6c45d56a613ad2a0aa6f61cb5674 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -40927,6 +40927,7 @@ Member role admin permission.
| ----- | ----------- |
| `READ_ADMIN_CICD` | Read CI/CD details including runners and jobs. |
| `READ_ADMIN_DASHBOARD` | Read-only access to admin dashboard. |
+| `READ_ADMIN_MONITORING` | Allows read access to system monitoring including system info, background migrations, health checks, audit logs, and gitaly in the Admin Area. |
### `MemberRolePermission`
@@ -40954,6 +40955,7 @@ Member role permission.
| `MANAGE_SECURITY_POLICY_LINK` | Allows linking security policy projects. |
| `READ_ADMIN_CICD` | Read CI/CD details including runners and jobs. |
| `READ_ADMIN_DASHBOARD` | Read-only access to admin dashboard. |
+| `READ_ADMIN_MONITORING` | Allows read access to system monitoring including system info, background migrations, health checks, audit logs, and gitaly in the Admin Area. |
| `READ_CODE` | Allows read-only access to the source code in the user interface. Does not allow users to edit or download repository archives, clone or pull repositories, view source code in an IDE, or view merge requests for private projects. You can download individual files because read-only access inherently grants the ability to make a local copy of the file. |
| `READ_COMPLIANCE_DASHBOARD` | Read compliance capabilities including adherence, violations, and frameworks for groups and projects. |
| `READ_CRM_CONTACT` | Read CRM contact. |
diff --git a/ee/config/custom_abilities/read_admin_monitoring.yml b/ee/config/custom_abilities/read_admin_monitoring.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f981229e153d3f083a161d36e03e726f66e82a65
--- /dev/null
+++ b/ee/config/custom_abilities/read_admin_monitoring.yml
@@ -0,0 +1,12 @@
+---
+title: View system monitoring
+name: read_admin_monitoring
+description: Allows read access to system monitoring including system info, background migrations, health checks, audit logs, and gitaly in the Admin Area.
+introduced_by_issue: https://gitlab.com/gitlab-org/gitlab/-/issues/507959
+introduced_by_mr: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179439
+feature_category: admin
+milestone: '17.9'
+group_ability: false
+project_ability: false
+admin_ability: true
+requirements: []
diff --git a/ee/config/feature_flags/wip/custom_ability_read_admin_monitoring.yml b/ee/config/feature_flags/wip/custom_ability_read_admin_monitoring.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a18039b0eef87d8c2921f80cb6ad1e651f9d7c17
--- /dev/null
+++ b/ee/config/feature_flags/wip/custom_ability_read_admin_monitoring.yml
@@ -0,0 +1,9 @@
+---
+name: custom_ability_read_admin_monitoring
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/507960
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179439
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/515665
+milestone: '17.9'
+group: group::authorization
+type: wip
+default_enabled: false
diff --git a/ee/spec/requests/custom_roles/read_admin_monitoring/request_spec.rb b/ee/spec/requests/custom_roles/read_admin_monitoring/request_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..52f8a3b4a34349d98db97c0f61df76e2eaf0f136
--- /dev/null
+++ b/ee/spec/requests/custom_roles/read_admin_monitoring/request_spec.rb
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'User with read_admin_monitoring', feature_category: :audit_events do
+ let_it_be(:current_user) { create(:user) }
+ let_it_be(:permission) { :read_admin_monitoring }
+ let_it_be(:role) { create(:member_role, permission) }
+ let_it_be(:membership) { create(:user_member_role, user: current_user, member_role: role) }
+
+ before do
+ stub_licensed_features(custom_roles: true)
+ sign_in(current_user)
+ end
+
+ describe Admin::AuditLogsController do
+ it "GET #index", pending: "🚧 Under Construction" do
+ get admin_audit_logs_path
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template(:index)
+ end
+ end
+
+ describe Admin::BackgroundMigrationsController do
+ it "GET #index", pending: "🚧 Under Construction" do
+ get admin_background_migrations_path
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+
+ it "GET #show", pending: "🚧 Under Construction" do
+ migration = create(:background_migration_job)
+ get admin_background_migration_path(migration)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
+ describe Admin::GitalyServersController do
+ it "GET #index", pending: "🚧 Under Construction" do
+ get admin_gitaly_servers_path
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
+ describe Admin::HealthCheckController do
+ it "GET #show", pending: "🚧 Under Construction" do
+ get admin_health_check_path
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
+ describe Admin::SystemInfoController do
+ it "GET #show", pending: "🚧 Under Construction" do
+ get admin_system_info_path
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+end