Scoping: Restrict who can create batch changes

Created by: malomarrec

Problem statement

Some or our customers operate in regulated industries and have compliance requirements to limit access to creating batch changes to only some users.

Problem validation / why

Our initial reaction to this request was that :

• Permission issue: Batch Changes, when set up properly, map codehosts permissions and do not give more access to users than they already have without batch changes.
• PR spam issue: any developer can script out opening many changesets

We have verified that this was clear to those customers and confirmed that they still need to control access to batch changes to meet compliance goals. The customer's perception is that enabling developers to access a tool that makes it easier to automate creating many changesets increases risk and creates a compliance issue.

Other concerns

We were initially concerned that this could slow down adoption and have a business impact. This was mitigated by making sure all users can view batch changes, and only creating batch changes is optionally restricted.

Customers

The customers are currently blocked:

• https://github.com/sourcegraph/accounts/issues/579
• https://github.com/sourcegraph/accounts/issues/1
• https://github.com/sourcegraph/accounts/issues/3

There's no way we're going to give x,000 engineers the ability to deploy changes across all our repositories

• https://github.com/sourcegraph/accounts/issues/8243 Also see product gap.

Solution

MVP:

• Allow site-admins to optionally whitelist who can create batch changes. If a restrictBatchChangesAccess is set with a list of allowListed users, then creating Batch Changes is restricted to those users. What does that mean:
  • Running a preview with src-cli gives an error message Creating batch changes has been restricted to some users only, you should contact your admin to get access.
  • The create batch change button is disabled with an infobox and the same message
  • The Create batch change button on the search page is hidden (as well as any other buttons that prompt to create batch changes from another context)
  • All bulk actions / any edit action are disabled
  • The Batch Changes dashboard and batch change page are still visible, as well as non-edit src batch commands