diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 14:10:13 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-20 14:10:13 +0300 |
commit | 0ea3fcec397b69815975647f5e2aa5fe944a8486 (patch) | |
tree | 7979381b89d26011bcf9bdc989a40fcc2f1ed4ff /doc/ci/environments/protected_environments.md | |
parent | 72123183a20411a36d607d70b12d57c484394c8e (diff) |
Add latest changes from gitlab-org/gitlab@15-1-stable-eev15.1.0-rc42
Diffstat (limited to 'doc/ci/environments/protected_environments.md')
-rw-r--r-- | doc/ci/environments/protected_environments.md | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md index adc215c7aa1..35ee4f9dd33 100644 --- a/doc/ci/environments/protected_environments.md +++ b/doc/ci/environments/protected_environments.md @@ -127,20 +127,16 @@ they have the following privileges: ## Deployment-only access to protected environments Users granted access to a protected environment, but not push or merge access -to the branch deployed to it, are only granted access to deploy the environment. An individual in a -group with the Reporter role, or in groups added to the project with the Reporter -role, appears in the dropdown menu for deployment-only access. +to the branch deployed to it, are only granted access to deploy the environment. +[Invited groups](../../user/project/members/share_project_with_groups.md#share-a-project-with-a-group-of-users) added +to the project with [Reporter role](../../user/permissions.md#project-members-permissions), appear in the dropdown menu for deployment-only access. To add deployment-only access: -1. Add a group with the Reporter role. -1. Add users to the group. -1. Invite the group to be a project member. +1. Create a group with members who are granted to access to the protected environment, if it doesn't exist yet. +1. [Invite the group](../../user/project/members/share_project_with_groups.md#share-a-project-with-a-group-of-users) to the project with the Reporter role. 1. Follow the steps in [Protecting Environments](#protecting-environments). -Note that deployment-only access is the only possible access level for groups with the Reporter -role. - ## Modifying and unprotecting environments Maintainers can: @@ -208,7 +204,7 @@ configured: deployment ruleset. - Developers should be given no more than the Developer role for the top-level group, or explicitly given the Maintainer role for a child project - They do *NOT* have access to the CI/CD configurations in the + They do *not* have access to the CI/CD configurations in the top-level group, so operators can ensure that the critical configuration won't be accidentally changed by the developers. - For sub-groups and child projects: @@ -232,17 +228,23 @@ Having this configuration in place: ### Protect critical environments under a group -To protect a group-level environment: +To protect a group-level environment, make sure your environments have the correct +[`deployment_tier`](index.md#deployment-tier-of-environments) defined in `.gitlab-ci.yml`. -1. Make sure your environments have the correct - [`deployment_tier`](index.md#deployment-tier-of-environments) defined in - `.gitlab-ci.yml`. -1. Configure the group-level protected environments by using the - [REST API](../../api/group_protected_environments.md). +#### Using the UI -NOTE: -Configuration [with the UI](https://gitlab.com/gitlab-org/gitlab/-/issues/325249) -is scheduled for a later release. +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/325249) in GitLab 15.1. + +1. On the top bar, select **Menu > Groups** and find your group. +1. On the left sidebar, select **Settings > CI/CD**. +1. Expand **Protected environments**. +1. From the **Environment** list, select the [deployment tier of environments](index.md#deployment-tier-of-environments) you want to protect. +1. In the **Allowed to deploy** list, select the [subgroups](../../user/group/subgroups/index.md) you want to give deploy access to. +1. Select **Protect**. + +#### Using the API + +Configure the group-level protected environments by using the [REST API](../../api/group_protected_environments.md). ## Deployment approvals |