Administrator access to the production system is granted based on job roles and responsibilities and limited to authorized personnel.
Administrator Access is defined as a level of access above that of a normal user. Use of Administrator Access should be consistent with an individual’s role or job responsibilities at GitLab. When a team member's role or job responsibilities change, their Administrator Access should be appropriately updated or removed. In situations where it is unclear whether a particular action is appropriate, and within the scope of current job responsibilities, the situation should be discussed with management. The spirit of this control is to ensure there's a process in place so that all additions and updates to the production environment, are appropriately reviewed and approved before being merged.
This control applies to any system or process where source code can be modified.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Source Code Security control issue.