Add latest changes from gitlab-org/gitlab@15-1-stable-eev15.1.0-rc42

1 files changed, 21 insertions, 19 deletions

diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md
index adc215c7aa1..35ee4f9dd33 100644
--- a/doc/ci/environments/protected_environments.md
+++ b/doc/ci/environments/protected_environments.md
@@ -127,20 +127,16 @@ they have the following privileges:
 ## Deployment-only access to protected environments
 
 Users granted access to a protected environment, but not push or merge access
-to the branch deployed to it, are only granted access to deploy the environment. An individual in a
-group with the Reporter role, or in groups added to the project with the Reporter
-role, appears in the dropdown menu for deployment-only access.
+to the branch deployed to it, are only granted access to deploy the environment.
+[Invited groups](../../user/project/members/share_project_with_groups.md#share-a-project-with-a-group-of-users) added
+to the project with [Reporter role](../../user/permissions.md#project-members-permissions), appear in the dropdown menu for deployment-only access.
 
 To add deployment-only access:
 
-1. Add a group with the Reporter role.
-1. Add users to the group.
-1. Invite the group to be a project member.
+1. Create a group with members who are granted to access to the protected environment, if it doesn't exist yet.
+1. [Invite the group](../../user/project/members/share_project_with_groups.md#share-a-project-with-a-group-of-users) to the project with the Reporter role.
 1. Follow the steps in [Protecting Environments](#protecting-environments).
 
-Note that deployment-only access is the only possible access level for groups with the Reporter
-role.
-
 ## Modifying and unprotecting environments
 
 Maintainers can:
@@ -208,7 +204,7 @@ configured:
   deployment ruleset.
 - Developers should be given no more than the Developer role
   for the top-level group, or explicitly given the Maintainer role for a child project
-  They do *NOT* have access to the CI/CD configurations in the
+  They do *not* have access to the CI/CD configurations in the
   top-level group, so operators can ensure that the critical configuration won't
   be accidentally changed by the developers.
 - For sub-groups and child projects:
@@ -232,17 +228,23 @@ Having this configuration in place:
 
 ### Protect critical environments under a group
 
-To protect a group-level environment:
+To protect a group-level environment, make sure your environments have the correct
+[`deployment_tier`](index.md#deployment-tier-of-environments) defined in `.gitlab-ci.yml`.
 
-1. Make sure your environments have the correct
-   [`deployment_tier`](index.md#deployment-tier-of-environments) defined in
-   `.gitlab-ci.yml`.
-1. Configure the group-level protected environments by using the
-   [REST API](../../api/group_protected_environments.md).
+#### Using the UI
 
-NOTE:
-Configuration [with the UI](https://gitlab.com/gitlab-org/gitlab/-/issues/325249)
-is scheduled for a later release.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/325249) in GitLab 15.1.
+
+1. On the top bar, select **Menu > Groups** and find your group.
+1. On the left sidebar, select **Settings > CI/CD**.
+1. Expand **Protected environments**.
+1. From the **Environment** list, select the [deployment tier of environments](index.md#deployment-tier-of-environments) you want to protect.
+1. In the **Allowed to deploy** list, select the [subgroups](../../user/group/subgroups/index.md) you want to give deploy access to.
+1. Select **Protect**.
+
+#### Using the API
+
+Configure the group-level protected environments by using the [REST API](../../api/group_protected_environments.md).
 
 ## Deployment approvals