Diane Russel activity https://gitlab.com/dlrussel 2026-03-18T20:56:54Z tag:gitlab.com,2026-03-18:5219434643 Diane Russel commented on merge request !227949 at GitLab.org / GitLab 2026-03-18T20:46:02Z dlrussel Diane Russel

Hey @jayswain, @hmehra and @imand3r can you guys give this a review please. 🙏🏻

 tag:gitlab.com,2026-03-18:5219423033 Diane Russel commented on merge request !227949 at GitLab.org / GitLab 2026-03-18T20:42:22Z dlrussel Diane Russel

Note that the public_user_access permission needs to be removed entirely in a follow up MR.

 tag:gitlab.com,2026-03-18:5219415147 Diane Russel pushed to project branch fix/public-access-guest-access-separation at GitLab.org / GitLab 2026-03-18T20:39:56Z dlrussel Diane Russel

Diane Russel (6e8989c9) at 18 Mar 20:39

Move read_project_for_iids to public_authenticated.yml

... and 89 more commits

tag:gitlab.com,2026-03-18:5219338236 Diane Russel commented on merge request !227949 at GitLab.org / GitLab 2026-03-18T20:13:15Z dlrussel Diane Russel

We moved these permissions to the guest.yml role definition file but this whole condition isn't needed anymore because the admin_issue is only enabled for users who are members. This was probably a remnant of when admins returned false for the guest condition and needed to have permissions granted to them explicitly.

 tag:gitlab.com,2026-03-18:5219293020 Diane Russel pushed to project branch fix/public-access-guest-access-separation at GitLab.org / GitLab 2026-03-18T20:00:34Z dlrussel Diane Russel

Diane Russel (67401817) at 18 Mar 20:00

Move admin_issue_relation to role YAML files

 tag:gitlab.com,2026-03-18:5219239566 Diane Russel pushed to project branch fix/public-access-guest-access-separation at GitLab.org / GitLab 2026-03-18T19:41:57Z dlrussel Diane Russel

Diane Russel (e983ea3e) at 18 Mar 19:41

Revert admin_issue_relation to conditional rule

 tag:gitlab.com,2026-03-18:5219232681 Diane Russel pushed to project branch fix/public-access-guest-access-separation at GitLab.org / GitLab 2026-03-18T19:39:21Z dlrussel Diane Russel

Diane Russel (4aacd812) at 18 Mar 19:39

Use role YAML files for downstream policy permissions

 tag:gitlab.com,2026-03-18:5219095615 Diane Russel opened merge request !227949: Add public_anonymous and public_authenticated role YAML files at GitLab.org / GitLab 2026-03-18T18:54:57Z dlrussel Diane Russel

What does this MR do and why?

This MR adds the base public project permissions in YAML role files to match the pattern used by all other roles and fixes the logic so that public access doesn't enable guest access anymore.

  • public_anonymous: read-only permissions for all visitors including anonymous users
  • public_authenticated: write permissions for authenticated non-members, inherits from public_anonymous

References

#583543

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

 tag:gitlab.com,2026-03-18:5219090167 Diane Russel pushed new project branch fix/public-access-guest-access-separation at GitLab.org / GitLab 2026-03-18T18:53:28Z dlrussel Diane Russel

Diane Russel (da710092) at 18 Mar 18:53

Move workaround permissions into guest.yml

... and 3 more commits

tag:gitlab.com,2026-03-18:5219012797 Diane Russel pushed to project branch master at GitLab.org / GitLab 2026-03-18T18:29:10Z dlrussel Diane Russel

Diane Russel (354e275b) at 18 Mar 18:29

Merge branch 'ia-extract-auditor-permissions' into 'master'

... and 1 more commit

tag:gitlab.com,2026-03-18:5219012328 Diane Russel deleted project branch ia-extract-auditor-permissions at GitLab.org / GitLab 2026-03-18T18:29:00Z dlrussel Diane Russel

Diane Russel (93bc0076) at 18 Mar 18:29

tag:gitlab.com,2026-03-18:5219010791 Diane Russel accepted merge request !227776: Move auditor permissions to a role definition at GitLab.org / GitLab 2026-03-18T18:28:26Z dlrussel Diane Russel

What does this MR do and why?

Extract auditor permissions to a role definition file.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

 tag:gitlab.com,2026-03-18:5218902251 Diane Russel commented on merge request !227205 at GitLab.org / GitLab 2026-03-18T17:56:25Z dlrussel Diane Russel

Looks good @imand3r although you have some merge conflicts

 tag:gitlab.com,2026-03-18:5218901455 Diane Russel approved merge request !227205: Refactor custom dashboard policy to use granular permissions at GitLab.org / GitLab 2026-03-18T17:56:09Z dlrussel Diane Russel

What does this MR do and why?

Refactor custom dashboard policy to use granular permissions

Replace reporter_access and developer_access checks in DashboardPolicy with delegated namespace conditions and specific permissions. Add custom dashboard permissions to reporter and developer role definitions. Update permission validation to support underscore-prefixed permission names.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #593274

 tag:gitlab.com,2026-03-18:5218605896 Diane Russel deleted project branch 593252-remove-owner-access-from-import-export-helpers at GitLab.org / GitLab 2026-03-18T16:45:40Z dlrussel Diane Russel

Diane Russel (515f5647) at 18 Mar 16:45

tag:gitlab.com,2026-03-18:5218605569 Diane Russel pushed to project branch master at GitLab.org / GitLab 2026-03-18T16:45:37Z dlrussel Diane Russel

Diane Russel (5835dfe8) at 18 Mar 16:45

Merge branch '593252-remove-owner-access-from-import-export-helpers...

... and 1 more commit