Limit roles that can trigger manual jobs

Description

The current problem I am facing is that, once I merge changes into a protected production branch, my users with the Developer role can trigger deployments from the pipelines menu to our production servers.

Proposal

  • Give project masters the ability to control which roles can trigger manual pipeline jobs via the CI/CD settings menu.
  • Extend the PUT /projects/:id endpoint to accept an access level for this setting.

Overview

What is it?

  • Control over who can trigger manual deployments.

Why should someone use this feature?

  • If they want to control who can trigger manual deployments.

What is the underlying (business) problem?

  • That manual deployments can be triggered by anyone with the Developer role.

How do you use this feature?

  • Go to Settings > CI/CD > Trigger Manual Jobs and select which roles will be granted that permission.
  • Alternatively: Call the PUT /projects/:id endpoint with attribute manual_job_access and an access level for a value (e.g. 30 => Developer, 40 => Master).

Use cases

Who is this for? Provide one or more use cases.

  • A project master doesn't want developers to be able to trigger manual jobs for change control reasons, so the project master limits manual job triggering to masters instead.

Feature checklist

Make sure these are completed before closing the issue, with a link to the relevant commit.

  • Feature assurance
  • Documentation
  • Added to features.yml