feat: add access insights to overview page

[scott-ray-wilson]

Context

This PR adds access insights to the overview page with v3 components and expands the API so that users can navigate to the respective entities page to manage access.

Screenshots

Steps to verify the change

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Verify sheet only opens if subscription includes secret access insights

• verify permissions displayed are correct

• verify clicking each entity properly links to it's page

• Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).

• Tested locally

• Updated docs (if needed)

• Read the contributing guide

[linear]

SECRETS-81 Add access list to overview

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR adds access insights to the overview page, allowing users to view which users, groups, and machine identities have access to specific secrets. The implementation extends the permission service to include membershipId fields, which enable navigation to the respective entity management pages.

Major Changes:

• Extended permission DAL and service to return membershipId for users, identities, and groups
• Added new SecretAccessInsights component displaying access information in categorized sections
• Integrated access insights and version history into a dropdown menu in secret rows
• Expanded search parameter validation in group routes to support period (.) and at (@) characters for email searches
• Added new v3 UI components (AlertDialog, updated Item styling)
• Gated access insights feature behind subscription check

API Changes:
The API response for secret access lists now includes a membershipId field. This is a non-breaking change as it only adds a new field to the response without removing or modifying existing fields.

Security Review:

• Search parameter handling uses parameterized queries with Knex.js - no SQL injection vulnerabilities detected
• Access insights properly respect existing permission checks
• Feature is subscription-gated on the frontend

Confidence Score: 4/5

• This PR is safe to merge with minor considerations for documentation
• The implementation is solid with proper security practices (parameterized queries, permission checks, subscription gating). Backend changes are non-breaking and well-structured. Frontend components follow existing patterns. Score is 4 instead of 5 due to lack of documentation for the new feature, which may affect customer discoverability.
• No files require special attention

Important Files Changed

Filename	Overview
backend/src/ee/services/permission/permission-dal.ts	Added membershipId to queries for users, identities, and groups to support navigation to entity pages
backend/src/ee/routes/v1/group-router.ts	Expanded character validation for search parameters to support . and @ characters (for email searches)
frontend/src/pages/secret-manager/OverviewPage/components/SecretTableRow/SecretAccessInsights.tsx	New component displaying access insights with links to users, identities, and groups with permissions
frontend/src/pages/secret-manager/OverviewPage/components/SecretTableRow/SecretEditTableRow.tsx	Added dropdown menu with version history and access insights features, includes subscription gating
frontend/src/pages/secret-manager/OverviewPage/components/SecretTableRow/SecretVersionHistory.tsx	New component for displaying secret version history with rollback capabilities