The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
Group | Authorization |
---|---|
Stage | Govern |
Content Last Reviewed | 2024-10-16 |
This is the direction page for the Authorization group in the Govern stage. The Authorization group is responsible for ensuring that an authenticated user has access to the proper resources within the application. There is one category in the group and details on the direction can be viewed on the following individual category page:
Priority | Theme | Target Release |
---|---|---|
1 | Add support for granular token permissions to Job Tokens to allow for fine-grained access in CI/CD workflows. | 18.0 |
2 | Build Admin Custom Role to support granular permissions for the Admin Area to allow organizations to reduce the number of admins on self-managed environments. | TBD |
3 | Improve visibility by providing a breakdown of roles and assigned users so that organizations can identify and reduce overprivileged users. | 17.6 |
Priority | Name | DRI | Target Release |
---|---|---|---|
1 | When a user runs a pipeline, then a secure token is generated and used to execute the pipeline | alexbuijs | 17.6 |
2 | Audit event types for token permissions | hmehra | 17.6 |
3 | Document fine-grained permission support by API endpoint | TBD | 17.6 |
4 | [BE] A user can discover which permissions are necessary for a job to execute | jarka | 17.6 |
5 | [BE] Add GraphQL data for member role users info | dftian | 17.6 |
6 | View assigned users in a role | dftian | 17.6 |
7 | Build uniform mapping of resource names with read/write/none actions. | TBD | 17.7 |
8 | FE - Export an accurate record of users and their permissions | dftian | 17.7 |
The UX department has performed a JTBD Canvas for Authorization, which can be found in this epic and Figma file.
The main jobs for users related to Authorization capabilities include:
Main Job | Outcomes |
---|---|
Provision access rights | Minimize productivity loss coming from users' lack of access to the resources they need to do their job. Minimize security risk and data breaches coming from bad actors. Reduce manual work when managing users' roles and access to resources. |
Maintain access policies | Minimize security risk and data breaches coming from bad actors. Increase compliance in industry-related audits (e.g., SOC II). Standardize the organization's user and resource permission management across all software and applications. |
Gain access rights | Decrease time spent on gaining access rights. Increase productivity. Increase team collaboration. |