Group-level UI for Protected Environments
Typically, large enterprise organizations have an explicit permission boundary between developers and operators. Developers build and test their code/application, and operators deploy and monitor the application. The permission of each group is carefully configured in order to avoid unauthorised users gain an access to a critical component.
This follows the configuration introduced in #215888 (closed) and allows users to achieve this in the UI
Introduce a group-level setting for group Owners to designate who can modify Protected Environment settings in a project:
- Maintainers and Owners (default)
- Owners only
The group level setting will be similar to the project level setting
Users with the right permissions can assign specific Users, Groups or roles to deploy to protected environments.
This setting will aggregate to any project that is associated within this group of projects.
If this setting is used. The project level protected environment will be disabled or hidden and cannot be set and the API requests should fail as well.
If a project is removed from the group, the setting for protected environment shall be available in the projects level.