Enterprises need to differentiate between development and operations. We have a Developer role; we need an Operator role. Likely the developer role would not have permissions to inspect/modify production environments. I imagine something like Protected Environments to parallel protected branches, and only Operators and Admins/Owner/Master would have access to protected environments. And like protected branches, we should support wildcards for protected environments. We might need to support exceptions where regular developers can get some things shipped to production, if they follow a specific flow. Just like developers can get MRs merged to master, if they are properly approved; do we need an approval flow for CD pipelines? Or even if they just pass all automated tests, then automated CD to production is fine, but anything manual is not. At any rate, the base requirement for all of this is to be able to identify a new role, Operator, where we can start to separate permissions.