Enable read_runner custom ability when user has read_runners ability on the owning group/project (!209884) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Remove handling of Ci::Runner resource type from Authz::CustomAbility to ensure custom abilities are only checked against a project or a group for which custom roles are assigned.
Updates RunnerPolicy to delegate the check if the current user has the read_runners ability on the runner's owning project/group to ProjectPolicy or GroupPolicy depending on the type of the runner

References

Enable read_runner custom ability when user has... (#578173)

Screenshots or screen recordings

Before	After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Oct 23, 2025 by Eugie Limpin

Enable read_runner custom ability when user has read_runners ability on the owning group/project

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports