Create a mechanism that prevents a single user from executing a custom pipeline or deployment

Issue #15937 duplicate
Shane Fast
created an issue

For context, our team has been using custom pipelines to do our deployments. Once all requirements are met in our staging build (all tests pass, build checks successful, etc...) any one of us can select the custom pipeline that essentially deploys everything to production.

We like the simplicity of this setup and it's been working well for us, but some of our larger clients and stakeholders expressed some concerns. They wanted a sort of two-man rule - where specific actions (like deployment) needed two people acting together in order to execute the said action.

It's clear to us that they are concerned about someone from our team going rogue or making a mistake and clicking the wrong custom pipeline. If there is a way to do this with the current feature set please let me know, but otherwise, I think this might add some security value.

As for how - maybe something similar to how pull requests can have a rule where at least one other person must approve before code gets merged. Thoughts?

Comments (2)

  1. Aneita Yang staff

    Hi Shane,

    Thanks for reaching out and for the context. I can see why this is something that you'd like to see.

    We currently have an open feature request to restrict deployments to specific users. This might be of interest to you, as it will allow you to control who can deploy to specific environments. As mentioned on the issue, this is likely to be something that we work on later this year.

    I encourage you to vote for / watch the issue for updates if it is something that you're interested in seeing.

    Thanks,
    Aneita
