Restrict user to trigger pipelines Group

[Hai Dang Dong]

We have many service and each service have many environment for each dev team. example: 
Billing service:

- dev1

- dev-red

- dev-green

- ....

so i managed by create pipelines group follow service, and environment (of gocd) follow our env. But seem we only have choice restrict role team for each pipelines group, i don't want team role (ex: dev1) can see and run pipeline of another team (ex: dev-red). how can i do that.  

[Chad Wilson]

While you can override and set permissions at an individual Pipeline Stage level, pipeline groups are the main way to control who can see and operate pipelines. I believe the permissions here just override who can "operate" (trigger) the stage.

Pipeline stage permissions are not very easy to maintain, and are mainly used for special situations like "I want only special people/roles to have permissions to trigger the "deploy-to-prod" stage, but other stages anyone in the role can operate".

So you are usually best to model your pipeline groups around teams, rather than services in a situation where you have the same service worked on with different pipelines by different teams that you don't want to see each other.

Are you using pipelines-as-code, APIs or the user interface to manage/define your pipelines/pipeline groups?

-Chad

--
You received this message because you are subscribed to the Google Groups "go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/86bca9cf-0502-48bc-93b9-7bb115e11f2bn%40googlegroups.com.