feat: Security monitor migration - SRM read access for all users TAROT-2397 (#1965)

* feat: Remove SRM access limitations from the Roles table

* feat: Admonition with Export CSV limitation

* feat: Move export instructions to own section

* feat: Add access and caveats to roles table

* feat: Apply suggestions from review

Co-authored-by: Cláudia Carpinteiro <[email protected]>

* feat: Apply suggestions from review

Co-authored-by: Rafael Cortês <[email protected]>

* feat: Apply suggestions from review

---------

Co-authored-by: Cláudia Carpinteiro <[email protected]>
Co-authored-by: Rafael Cortês <[email protected]>
3 people authored Dec 20, 2023
1 parent c1809af commit 1e2e661
Showing 2 changed files with 40 additions and 30 deletions.
11 changes: 9 additions & 2 deletions docs/organizations/managing-security-and-risk.md
Expand Up @@ -26,7 +26,7 @@ Each panel shows the total count of matching items and contains a **Review** but
When viewing the dashboard, you can:

- Limit the total counts in each panel to a specific set of severities or repositories by clicking the **Severity** or **Repository** drop-downs above the main area.
- Export a list of items as a CSV file by clicking the **Export CSV** button in the top right-hand corner of the page. The exported list always includes all items, ignoring any applied filters.

- Review the [severity assignment rules](#item-severities-and-deadlines) by clicking the **See rules** button in the top right-hand corner of the page.

![Security and risk management dashboard](images/security-risk-management-dashboard.png)
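Review bot: the removed **Export CSV** bullet appears to be replaced by an empty line between the **Severity**/**Repository** bullet and the **See rules** bullet, which turns this tight list into a loose one (extra paragraph spacing on render); drop the blank line. Since the dashboard section no longer mentions the export button at all, a short pointer to the new "Exporting the security item list" section would keep the dashboard description complete.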
Expand All @@ -40,12 +40,19 @@ To access the item list, access the [dashboard](#dashboard) and click the **Revi
When viewing the item list, you can:

- Update the filtering criteria by clicking the **Severity**, **Status**, or **Repository** drop-downs above the list.

- Find out more about an item by clicking its **Details** column to navigate to the item of interest on the source platform.
- Export a list of items as a CSV file by clicking the **Export CSV** button in the top right-hand corner of the page. The exported list always includes all items, ignoring any applied filters.

- Review the [severity assignment rules](#item-severities-and-deadlines) by clicking the **See rules** button in the top right-hand corner of the page.

![Security and risk management items](images/security-risk-management-item-list.png)

## Exporting the security item list

!!! info "This feature is available only to organization admins and organization managers"

To export a list of security items as a CSV file, click the **Export CSV** button in the top right-hand corner of the page. The exported list always includes all items, ignoring any applied filters.

## How Codacy manages security items {: id="opening-and-closing-items"}

!!! important
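Review bot: "The exported list always includes all items" is now ambiguous next to the new footnote 3 in the roles tables (non-admin users only see items from repositories they follow): state explicitly whether an organization admin's or manager's export covers every security item in the organization regardless of which repositories they follow, because a reader can no longer tell whether "all items" means all visible items or all items. Minor: the `!!! info` admonition has no indented body, so it renders as a title-only callout with the instruction as a separate paragraph; if the instruction should sit inside the callout, indent it by four spaces.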
59 changes: 31 additions & 28 deletions docs/organizations/roles-and-permissions-for-organizations.md
Expand Up @@ -64,6 +64,15 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Access Security and risk management</td>
<td class="no">No</td>
<td colspan="2" class="yes">Yes<sup>3</sup></td>
<td colspan="2" class="yes">Yes<sup>3</sup></td>
<td class="yes">Yes<sup>3</sup></td>
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Ignore issues and files,<br/>configure code patterns and file extensions,<br/>manage branches,<br/>reanalyze branches and pull requests</td>
<td class="no">No</td>
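Review bot: this row reuses the `<sup>3</sup>` marker that the existing footnote 3 (Codacy GitHub App access) carried before it is renumbered to 4 further down; the rows between this hunk and the `-96,7 +105,7` hunk are not shown, so any remaining cell that still carries `<sup>3</sup>` with the old meaning would now silently point at the follow-scope note. Please check every `<sup>3</sup>` in this table and confirm only the new row uses it.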
Expand Down Expand Up @@ -96,7 +105,7 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
<td class="no">No</td>
<td colspan="2" class="no">No</td>
<td colspan="2" class="no">No</td>
<td class="yes">Yes<sup>3</sup></td>
<td class="yes">Yes<sup>4</sup></td>
<td class="maybe">Inherits original permission</td>
<td class="yes">Yes</td>
</tr>
Expand All @@ -118,15 +127,6 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Access Security and risk management</td>
<td class="no">No</td>
<td colspan="2" class="no">No</td>
<td colspan="2" class="no">No</td>
<td class="no">No</td>
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Invite and accept members,<br/>modify billing</td>
<td class="no">No</td>
Expand All @@ -150,7 +150,8 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp

<sup>1</sup>: Outside collaborators aren't supported as members of organizations on Codacy. You can still [add outside collaborators to Codacy](managing-people.md#adding-people) so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.
<sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
<sup>3</sup>: Requires that an organization owner has given the Codacy GitHub App access to the repositories to add or remove.
<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.
<sup>4</sup>: Requires that an organization owner has given the Codacy GitHub App access to the repositories to add or remove.

## Permissions for GitLab

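Review bot: footnote 3 should define what "follow" means here, preferably with a link to the page that describes following a repository, and say whether the scope applies only to the roles marked `Yes<sup>3</sup>` (the plain `Yes` columns read as seeing every item in the organization, but the text never says so). Also, if these footnote lines rely on trailing spaces for Markdown hard line breaks (the whitespace-only change to the footnote 2 line in the GitLab section suggests they do), the new footnote 3 line needs them too, or it merges with footnote 4 on render.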
Expand Down Expand Up @@ -199,6 +200,15 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
<td class="yes">Yes</td>
<td colspan="2" class="yes">Yes</td>
</tr>
<tr>
<td>Access Security and risk management</td>
<td class="no">No</td>
<td colspan="2" class="yes">Yes<sup>3</sup></td>
<td class="yes">Yes<sup>3</sup></td>
<td colspan="2" class="yes">Yes<sup>3</sup></td>
<td class="yes">Yes</td>
<td colspan="2" class="yes">Yes</td>
</tr>
<tr>
<td>Ignore issues and files,<br/>configure code patterns and file extensions,<br/>manage branches,<br/>reanalyze branches and pull requests</td>
<td class="no">No</td>
Expand Down Expand Up @@ -253,15 +263,6 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
<td class="yes">Yes</td>
<td colspan="2" class="yes">Yes</td>
</tr>
<tr>
<td>Access Security and risk management</td>
<td class="no">No</td>
<td colspan="2" class="no">No</td>
<td class="no">No</td>
<td colspan="2" class="no">No</td>
<td class="yes">Yes</td>
<td colspan="2" class="yes">Yes</td>
</tr>
<tr>
<td>Invite and accept members,<br/>modify billing</td>
<td class="no">No</td>
Expand All @@ -284,7 +285,8 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
</table>

<sup>1</sup>: External users aren't supported as members of organizations on Codacy. You can still [add external users to Codacy](managing-people.md#adding-people) so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.
<sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
<sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.

## Permissions for Bitbucket

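Review bot: the footnote 2 line is shown as removed and re-added with identical visible text, so this is a whitespace-only change (presumably trailing spaces for a Markdown hard break now that footnote 3 follows it); say so in the commit message, otherwise it reads as noise in blame, and confirm the rendered page actually breaks the line between footnotes 2 and 3.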
Expand Down Expand Up @@ -319,6 +321,12 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Access Security and risk management</td>
<td colspan="2" class="yes">Yes<sup>3</sup></td>
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Ignore issues and files,<br/>configure code patterns and file extensions,<br/>manage branches,<br/>reanalyze branches and pull requests</td>
<td colspan="2" class="maybe"><a href="#change-analysis-configuration">Configurable</a></td>
Expand Down Expand Up @@ -355,12 +363,6 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Access Security and risk management</td>
<td colspan="2" class="no">No</td>
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Invite and accept members,<br/>modify billing</td>
<td colspan="2" class="no">No</td>
Expand All @@ -377,7 +379,8 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
</table>

<sup>1</sup>: Codacy can't distinguish the Bitbucket roles Read and Write because of a limitation on the Bitbucket API.
<sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
<sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.

## The organization manager role

