►
From YouTube: Create:SCM - Group level merge rules next steps
Description
Derek (PM) and Michael (UX) discuss what to do with next steps for group-level rules and cascading of settings.
https://gitlab.com/groups/gitlab-org/-/epics/4367
A
Maybe,
all
right
so
wanted
to
have
this
chat
with
you
about
what
we're
gonna
do
with
group
level,
merge
rules
and
ultimately
Branch
rules
at
their
project
level
and
what
direction
we
went
ahead
in
yeah.
So
recently
we
we
inherit
or
like
the
group
level,
merge
rules.
So
that's
like
approval
rules
at
the
group
level,
and
that
was
something
that
was
in
the
compliance
group.
But
now
that's
moved
over
to
our
group
and
that's
that's.
A
We
were
looking
at
how
Branch
rules
made
really
at
the
group
level
as
well,
so
I
feel,
like
that's,
that's
a
natural
kind
of
spot
for
this
feature,
but
I
think
there's
a
lot
of
eyes
and
customers
wanting
to
see
that
happen
and
like
the
group
of
modules
and
yeah
I
want
to
see
it
happen
as
well
and
yeah
I
guess
this
chat
here
is
probably
just
a
sink
call
between
you
and
I.
Just
to
see
you
know
where.
Where
do
we
want
to
take
this
and
I?
You
know.
A
Where
do
we
see
this
happening,
whether
it's
the
next
Milestone
or
a
few
Milestones
from
now
so
I'd
love
to
hear
your
thoughts
about
the
situation
and
what
you
feel
like
we
should
head
to
next,
because
I
have
my
own
opinions
and
I
just
want
to
see
if
you
know
a
line
or
if
you
want
to
hear
my
opinions.
First,
that's
cool
too.
B
B
So
you
know
between
that
and
looking
at
the
issues
that
are
out
there
and
how
many
customer
comments
they
have
and
upvotes
I
think
it's
something
that
we
we
need
to
work
on
sooner
rather
than
later.
I
think
that
it's
something
that
would
add
a
lot
of
value
for
our
customers.
So
in
my
opinion
it
should
be
a
pretty
high
priority
for
the
source
code
team
and
that's
and
I
I,
don't
know
all
the
details
and
all
the
you
know,
issues
around
What
will
what
it'll
take
to
implement
it.
B
But
it's
I
think
that
it
should
be
a
high
priority.
Yeah
cool.
A
Yeah,
so
from
my
perspective,
looking
at
this
problem
for
from
the
group
to
the
project
level,
I
probably
have
less
time
spending
looking
at
the
problem.
I
know
that
I
contributed
to
the
idea
of
you
know.
If
a
settings
are
configured
at
the
group
level,
then
we'll
show
like
a
lock
icon
and
then
display
information
around
why
it's
locked
at
that
level.
A
A
We
need
to
handle
two
things:
it's
that
cascading.
We
need
to
make
a
decision
about
whether
this
applies
to
future
only
or
current
and
future,
and
my
opinion
is
that
it
applies
to
current
and
future,
and
the
big
question
would
be
like.
Oh
what
about
projects
that
that
don't
need
to
follow
the
rules.
You.
A
B
A
A
But
you
know
if
we
need
to
start
small
and
just
select
individual
projects,
so
be
it,
but
I
feel
like
this
kind
of
Paradigm,
of
providing
exceptions
also
aligns
with
some
of
the
work
that's
being
done
at
the
security
policy
level,
where
they
have
different
rules
that
you
can
provide
exceptions
for
so
this
idea
of
exceptions
is
something
that's
happening
at
the
security
policy
level,
but
it
doesn't
really
exist
right
now
in
the
world
of
settings.
You
know
all
we
have
is
like
include
this
four
branches
and
I.
A
Think
as
we
extend
this
out
to
the
group
level,
we
need
to
provide
not
only
include
these
projects.
Maybe
that's
it
like
it's
like
here's
this
and
then
you
deselect
a
project
as
a
way
to
provide
exclusions.
A
So
I
think
that's
where
we
probably
need
engineering
input
on
what's
possible.
What's
not
possible
I.
Think
providing
exceptions
is
probably
clearer
and
aligns
with
security
policies,
but
that
that's
my
thing
where.
B
A
Feel
like
yeah
looking
at
this
from
a
compliance
level,
I
think
they're
cascading
down
and
locking
was
the
one
perspective,
but
I
think
the
fact
that
we
couldn't
answer.
What
do
we
want
to
do
for
exceptions,
because
that
would
be
like
crossing
over
into
the
project
level
settings
and
or
like
group
level
settings?
And
it's
like?
Oh
that's,
source
code
and
I
feel
like
that's.
A
You
you
almost
it's
a
tricky
one
to
find
that
fine
line.
You
know
where
does
compliance
end
and
where
does
source
code
begin
and
I
think
by
removing
that
kind
of
barrier.
We
can
tackle
this
as
that
two-pronged
things:
to
provide
read-only
cascading
down
and
put
a
way
to
provide
exceptions
and.
A
The
problem
and
that's
how
I
want
to
push
forward
with
this,
maybe
before
I,
lock
everything
down
like,
are
there
any
like
concerns
or,
like
you
know,
things
that
we
haven't
accounted
for
or
do
we
need
to
align
closer
to
policies?
Do
we
need
to
figure
that
out
before
we
tackle
this
in,
like
Go
full
steam
on
this.
B
B
I,
don't
know
that
we
need
to
align
closer
with
policies,
because
the
way
that
I
see
it
there
are
two
two
ways
of
well
possibly
three
different
ways
of
doing
things,
and
it
depends
on
what
what
user
you're
trying
to
Target
with
it
like
what
persona
right
so
security
and
compliance
teams,
I
think
if
the
policies
group
added
a
way
to.
B
Enforce
the
stuff,
the
settings
via
policies
that
might
take
care
of
the
security
and
compliance
teams,
but
source
code
is
more
interested
in
the
developer.
Experience
right
so
adding
this
and
adding
a
way
to
have
exceptions,
especially
now.
I
think
that
I
don't
think
that
we
would
want
the
project
owners
to
be
able
to
add
their
own
exception
for
their
project.
We'd
want
to
keep
that
at
the
group
level
where
this
policy
or
this
these
settings
were
set
and
allow
ways
for
group
owners
to
exempt
certain
projects.
B
But
if
we
do
that,
then
the
policies
team
I
think
that
it
might
be
better
for
them
to
align
with
what
we're
doing,
because
the
developer,
experience
and
and
locking
down
these
things
really
should
come.
First.
A
B
I
think
could
be
handled
separately
from
the
way
that
that
you're,
looking
at
doing
the
the
group
rules
right
now,
because
I
think
that
we
could
replicate
some
of
the
settings
in
the
compliance
framework
area
and
allow
users
to
set
those
specifically
for
compliance
Frameworks
and
then
those
would
apply
selectively
to
whatever
project
has
the
compliance
framework
enabled
on
it.
B
So
yeah
I
think
that
we
should
probably
just
move
forward
with
it.
We
should
keep
compliance
and
security
policies
updated.
It
would
be
good
to
to
make
sure
that
there
are
that
they
know
what
we're
doing
and
I
do
want
to
build
more
collaboration
in
certain
areas.
This
would
be
one
of
them,
but
at
the
same
time,
I
don't
want
to
slow
down
something
that
is,
could
deliver
a
lot
of
value
for
for
our
customers.
B
So
I
I'd
say
that
we
should
move
ahead.
We
should
make
sure
that
the
compliance
and
policies
teams
don't
have
any
major
objections,
because
maybe
they
could
point
out
something
that
we
haven't
thought
about
and
specifically
I'm
thinking
around,
like
it'd,
be
good
to
have
the
policies
product
manager
Grant
in
their
but
I.
B
Think
having
the
engineering
managers
look
at
it
and
kind
of
provide
their
feedback
would
be
really
good
too,
because
they
can
see
they,
they
would
be
able
to
Think
Through
potential
issues
with
the
with
whatever
projects
they're
building
right
now,
so
I
think.
As
long
as
we
have
a
way
to
sync
up
with
them,
which
which
we
do,
which
I
don't
remember,
were
you
ever
invited
to
the
create
govern?
B
A
The
the
no
I
wasn't
invited
to
that,
probably
mainly
because
of
the
time
zone
of
where
things
were,
and
then
the
PM
of
source
code
also
kind
of
left
around
the
same
time
that
I
kind
of
got
involved
so
I
think
it's
kind
of
got
down
to
async,
videos
and
I.
Think
Grant
has
been
providing
some
good
feedback
on
some
of
the
ideas
that
I've
had
so
far
around
this
stuff.
So
that's
where
that
that's
at
in
my
eyes,
but
yeah
if
you've
been
having
other
conversations
yeah.
B
Yeah
I
I,
haven't
had
I,
haven't,
had
much
many
other
con
conversations
about
that
outside
of
either
those
meetings
which
I
haven't
been
able
to
attend
for
a
few
weeks
or
yeah
I
mean
they've
really
yeah.
There
really
hasn't
been
much
conversation
from
that
I've
had
so
I
think
we're
good
to
go.
B
We'll
keep
them
updated,
see
what
you
know.
What
comes
out
of
it,
but
I
think
that
what
you
have
like
what
I've
seen
looks
really
good
to
me.
So
I
don't
see
any
reason
not
to
continue
to
move
forward
and
try
to
get
up
get
the
other
teams
on
board
with
it
and
figure
out
ways
to
solve
their
problems,
but
not
not
cut
short.
The
developer
experience.
A
A
That
the
security
policies
team
is
also
looking
at
exceptions
at
the
same
time.
So
this
might
be
a
good
time
for
us
to
just
be
a
little
bit
more
transparent
and
looping
them
in
a
lot
more
because
I
feel
like
another
way
to
look
at.
A
This
is
like
the
security
policies
goes
up
at
this
level
and
then
we're
providing
the
rails
for
them
to
like
come
in
to
provide
exceptions,
because
at
the
moment
there
are
there
is,
there
are
no
exceptions
and
I
feel
like
that
will
just
come
in
as
like
a
piece
of
code
that
like,
if
it
has
policy,
do
some
extra
stuff,
but
maybe
we
provide
the
rails
for
exceptions.
It
kind
of
fits
a
little
bit
better.
A
So
I
think
the
timing
is
very
interesting,
like
very
fortunate
for
all
groups
to
be
kind
of
solving
this
problem.
At
the
same
time,
cool
right
makes.
A
Sounds
good
right,
then
I'll
move
ahead
and
I'll
update
the
issues
over
the
next
few
days.
Yeah
leave
that
on
me.
B
Well,
yeah,
and
just
so
you
know
I'm
technically
doing
three
people's
jobs
right
now.
So,
if
they're,
if
you
tag
me
in
issue
and
you
need
me
to
look
at
it
or
provide
a
response
and
I
haven't,
you
know
yet
ping
me
in
in
slack,
because
it's
possible
that
I
just
missed
it
with
everything
else
that
I've
got
coming
in.
A
Sure
no
problem
yeah,
that's
good
good
to
know
thanks
recording
at
this
time.