diff options
Diffstat (limited to 'doc/ci/environments/protected_environments.md')
| -rw-r--r-- | doc/ci/environments/protected_environments.md | 41 |
1 files changed, 29 insertions, 12 deletions
diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md index 219af4ced9d..b72ebe838b8 100644 --- a/doc/ci/environments/protected_environments.md +++ b/doc/ci/environments/protected_environments.md @@ -1,3 +1,7 @@ +--- +type: concepts, howto +--- + # Protected Environments **[PREMIUM]** > [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/6303) in [GitLab Premium](https://about.gitlab.com/pricing/) 11.3. @@ -9,8 +13,8 @@ - Some of them are just for testing. - Others are for production. -Because deploy jobs can be raised by different users with different roles, it is important that -specific environments are "protected" to avoid unauthorized people affecting them. +Since deploy jobs can be raised by different users with different roles, it is important that +specific environments are "protected" to prevent unauthorized people from affecting them. By default, a protected environment does one thing: it ensures that only people with the right privileges can deploy to it, thus keeping it safe. @@ -28,14 +32,14 @@ To protect an environment: 1. Navigate to your project's **Settings > CI/CD**. 1. Expand the **Protected Environments** section. 1. From the **Environment** dropdown menu, select the environment you want to protect. -1. In the **Allowed to Deploy** dropdown menu, select the role, users, or groups you want to have deploy access. - There are some considerations to have in mind: - - There are two roles to choose from: - - **Maintainers**: will allow access to all maintainers in the project. - - **Developers**: will allow access to all maintainers and all developers in the project. - - You can only select groups that are associated with the project. - - Only users that have at least Developer permission level will appear on - the **Allowed to Deploy** dropdown menu. +1. In the **Allowed to Deploy** dropdown menu, select the role, users, or groups you + want to give deploy access to. Keep in mind that: + - There are two roles to choose from: + - **Maintainers**: will allow access to all maintainers in the project. + - **Developers**: will allow access to all maintainers and all developers in the project. + - You can only select groups that are already associated with the project. + - Only users that have at least Developer permission level will appear in + the **Allowed to Deploy** dropdown menu. 1. Click the **Protect** button. The protected environment will now appear in the list of protected environments. @@ -44,5 +48,18 @@ The protected environment will now appear in the list of protected environments. Maintainers can: -- Update existing protected environments at any time by changing the access on **Allowed to deploy** dropdown menu. -- Unprotect a protected environment by clicking the **Unprotect** button of the environment to unprotect. +- Update existing protected environments at any time by changing the access in the + **Allowed to Deploy** dropdown menu. +- Unprotect a protected environment by clicking the **Unprotect** button for that environment. + +<!-- ## Troubleshooting + +Include any troubleshooting steps that you can foresee. If you know beforehand what issues +one might have when setting this up, or when something is changed, or on upgrading, it's +important to describe those, too. Think of things that may go wrong and include them here. +This is important to minimize requests for support, and to avoid doc comments with +questions that you know someone might ask. + +Each scenario can be a third-level heading, e.g. `### Getting error message X`. +If you have none to add when creating a doc, leave this section in place +but commented out to help encourage others to add to it in the future. --> |