Authorization Group
Planning
Our Planning issues are the SSOT of what we’re working on now, and what we’re working on next. We also have an issue board to view these from a workflow perspective. To maintain the issue lists, leadership (EM+PM) will keep the lists triaged.
Label | Definition |
---|---|
~workflow::ready for development | Ready to be picked up by an engineer. ~priority::1 being the highest priority. |
~workflow::scheduling or lacking a ~workflow label | Shouldn’t be picked up by an engineer and needs to be triaged by leadership. If leadership has no intention of this work being done anytime soon, they should assign the ~Backlog milestone. |
~workflow::refinement | Needs further investigation by engineering. After refinement, an issue should have a weight assigned and the workflow label should be updated to ~workflow::scheduling |
~workflow::solution validation | Needs Product input before work can begin |
~workflow::design | Needs design input to proceed and/or is actively being worked on by UX |
Code Review
Because this group works on components of the application that have a far-reaching impact, we take these extra steps in order to reduce our risk of a production incident:
- Our team’s merge requests should be assigned to another Authorization team member for first review in order to build more institutional knowledge across the team. This review should be done as a reviewer. The Authorization approval counts as the approval matching the role of the Authorization Reviewer, e.g. having a Backend Review from Authorization counts as a Backend Review. Once approved, the Authorization Reviewer should request a review from a Maintainer from the appropriate maintainer category.
- Authorization-related merge requests (those touching custom roles and policies related code) require a review by an Authorization Engineer. This is guarded by using the CODEOWNERS feature of GitLab.
Group Members
Members of the Authorization group can be @mentioned on GitLab with @gitlab-org/govern/authorization.
The following people are permanent members of the group:
Name | Role |
---|---|
Alex Buijs | Senior Fullstack Engineer, Govern:Authorization |
Daniel Tian | Senior Frontend Engineer, Govern:Authorization |
Hinam Mehra | Fullstack Engineer, Govern:Authorization |
Jarka Košanová | Staff Backend Engineer, Govern:Authorization |
Jay Swain | Engineering Manager, Govern:Authorization and Anti-abuse |
Joe Randazzo | Product Manager, Govern:Authorization |
Mo Khan | Senior Backend Engineer, Govern:Authorization |
Team Meetings
Our group holds synchronous meetings to gain additional clarity and alignment on our async discussions. We aspire to record all of our meetings as our team members are spread across several time zones and often cannot attend at the scheduled time.
We have a weekly team sync meeting with rotating AMER/APAC and EMEA/AMER friendly time slots: Tues 20:00 UTC and Weds 14:30 UTC.
Links and resources
- Our Slack channels
- Govern:Authorization #g_govern_authorization