Repo permission levels for Meltano Engineers

[MeltyBot]

Migrated from GitLab: https://gitlab.com/meltano/handbook/-/issues/64

Originally created by @aaronsteers on 2022-02-28 19:42:38

---

Following from other conversations on #63 and !108, I wanted to open this issue to discuss what the proper permission level is for Gitlab projects for our team.

Permission Levels

1. Project/Group Developer
   • Today every engineer inherits this at the group level.
2. Project/Group Maintainer
   • In theory, this is really only needed when setting up a new repo, in order to setup the project as described in !108.
3. Project/Group Owner
   • Similar to Maintainer, but at a higher level. (Not sure what the important distinctions are here.)
4. Repo Codeowner
   • For projects which enable it, this is the designated primary/secondary approvers we set for each code path via the CODEOWNERS file.
   • Note: this is basically orthogonal with the permission levels 1-3, above.

Consideration

1. Everyone should have sufficient permissions to do their job.
2. Certain permissions that don't need to be changed often can be maintained or initialized by a small group of responsible persons.
3. We don't have great auditing on project level settings, and we want to avoid a case where a setting is modified but it's impossible to tell who changed it or when it was changed. (A small group of responsible parties (2-3) is preferred, for this reason.)
4. If everyone in the Engineering team does require elevated (Maintainer and/or Owner) permissions, we should document the reasons for that and update our new user onboarding processes to reflect this.

[MeltyBot]

View 1 previous comment from the original issue on GitLab