diff options
Diffstat (limited to 'doc/ci/environments/protected_environments.md')
-rw-r--r-- | doc/ci/environments/protected_environments.md | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md index b6141ddc7ac..5dda0cc81f6 100644 --- a/doc/ci/environments/protected_environments.md +++ b/doc/ci/environments/protected_environments.md @@ -47,6 +47,37 @@ To protect an environment: The protected environment will now appear in the list of protected environments. +## Environment access by group membership + +A user may be granted access to protected environments as part of +[group membership](../../user/group/index.md). Users with +[Reporter permissions](../../user/permissions.md), can only be granted access to +protected environments with this method. + +## Deployment branch access + +Users with [Developer permissions](../../user/permissions.md) can be granted +access to a protected environment through any of these methods: + +- As an individual contributor, through a role. +- Through a group membership. + +If the user also has push or merge access to the branch deployed on production, +they have the following privileges: + +- [Stopping an environment](index.md#stopping-an-environment). +- [Delete a stopped environment](index.md#delete-a-stopped-environment). +- [Create an environment terminal](index.md#web-terminals). + +## Deployment-only access to protected environments + +Users granted access to a protected environment, but not push or merge access +to the branch deployed to it, are only granted access to deploy the environment. + +NOTE: **Note:** +Deployment-only access is the only possible access level for users with +[Reporter permissions](../../user/permissions.md). + ## Modifying and unprotecting environments Maintainers can: @@ -55,6 +86,10 @@ Maintainers can: **Allowed to Deploy** dropdown menu. - Unprotect a protected environment by clicking the **Unprotect** button for that environment. +NOTE: **Note:** +After an environment is unprotected, all access entries are deleted and must +be re-entered if the environment is re-protected. + For more information, see [Deployment safety](deployment_safety.md). <!-- ## Troubleshooting |