search

meltano / handbook

Source for Meltano's public handbook (https://handbook.meltano.com/) and public issue tracker for process and policy proposals that will be documented there.
MIT License
3 stars 4 forks source link

Repo permission levels for Meltano Engineers #58

Open MeltyBot opened 2 years ago

MeltyBot commented 2 years ago

Migrated from GitLab: https://gitlab.com/meltano/handbook/-/issues/64

Originally created by @aaronsteers on 2022-02-28 19:42:38

Following from other conversations on #63 and !108, I wanted to open this issue to discuss what the proper permission level is for Gitlab projects for our team.

Permission Levels

  1. Project/Group Developer
    • Today every engineer inherits this at the group level.
  2. Project/Group Maintainer
    • In theory, this is really only needed when setting up a new repo, in order to setup the project as described in !108.
  3. Project/Group Owner
    • Similar to Maintainer, but at a higher level. (Not sure what the important distinctions are here.)
  4. Repo Codeowner
    • For projects which enable it, this is the designated primary/secondary approvers we set for each code path via the CODEOWNERS file.
    • Note: this is basically orthogonal with the permission levels 1-3, above.

Consideration

  1. Everyone should have sufficient permissions to do their job.
  2. Certain permissions that don't need to be changed often can be maintained or initialized by a small group of responsible persons.
  3. We don't have great auditing on project level settings, and we want to avoid a case where a setting is modified but it's impossible to tell who changed it or when it was changed. (A small group of responsible parties (2-3) is preferred, for this reason.)
  4. If everyone in the Engineering team does require elevated (Maintainer and/or Owner) permissions, we should document the reasons for that and update our new user onboarding processes to reflect this.
MeltyBot commented 2 years ago

View 1 previous comment from the original issue on GitLab