Permission development guidelines

There are multiple types of permissions across GitLab, and when implementing anything that deals with permissions, all of them should be considered.

As a prerequisite, familiarize yourself with our glossary.

For more information, see:

  • Authorization: Guidance on where to check permissions.
  • Custom roles: Guidance on how to work on custom roles, how to introduce a new ability for custom roles, and how to refactor permissions.
  • DeclarativePolicy framework: Introduction to the DeclarativePolicy framework used for authorization.
  • Granular access: Development guidelines for granular access control, including job tokens and granular Personal Access Tokens.
  • Permissions conventions: Guidance on how to name new permissions and what should be included in policy classes.
  • Predefined system of user roles: General overview of predefined roles, user types, feature-specific permissions, and permission dependencies.