login Signup

What's the best way to restrict procedures from running on specific resources

We're using Environment Reservations to guard against deployments to Production, but what is the best way to restrict a normal Procedure from running against prod?

avatar image By david 131 asked Feb 13, 2018 at 06:26 PM
more ▼
(comments are locked)
10|750 characters needed characters left

1 answer: sort voted first

Set ACLs on prod resources - best way to set this up is probably to restrict it to specific deployment projects. You could lock the resource down strictly to certain key users instead of by project, however this has the caveat that any deployments to prod HAS to be started by these users to have access to these resources, including pipelines. For instance if a developer who doesn't have execute permissions on prod kicks off the initial pipeline run, the run will get permission denied once it reaches production even with proper approvals.

avatar image By gzeng 172 answered Feb 14, 2018 at 07:01 PM
more ▼
(comments are locked)
avatar image marcoman Feb 15, 2018 at 06:16 PM

I believe gzeng provided the right answer. I thought about the original question and talked through with a friend.

In our ACLs and rules, it is easy for us to include a Resource or ResourcePool into a definition, but we don't have a rule to exclude. Instead, we would use ACLs as mentioned above.

10|750 characters needed characters left
Your answer
toggle preview:

Up to 8 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.