The GitLab Docs website is now available in Japanese!

Permission development guidelines

There are multiple types of permissions across GitLab, and when implementing anything that deals with permissions, all of them should be considered. For more information, see:

Predefined roles system: a general overview about predefined roles, user types, feature specific permissions, and permissions dependencies.
DeclarativePolicy framework: introduction into DeclarativePolicy framework we use for authorization.
Naming and conventions: guidance on how to name new permissions and what should be included in policy classes.
Authorizations: guidance on where to check permissions.
Custom roles: guidance on how to work on custom role, how to introduce a new ability for custom roles, how to refactor permissions.
Job token guidelines: Guidance on requirements and contribution guidelines for new job token permissions.
Granular Personal Access Tokens: Guidance on enabling granular PAT permissions for API endpoints, including requirements and contribution guidelines.