Allow users to start and retry pipelines for protected tags they don't have access to
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Proposal
While working on a customer ticket, the proposal to allow this feature came up:
When a protected tag is created with a Deploy key, all pipelines triggered by that tag(or wildcard) will appear to have the deploy key owner as the Pipeline Triggerer. To solve this, tags are unprotected, but this allows any user to create tags which would trigger a pipeline.
Their feedback:
And if a protected tag is limited to a single user, a different user can't start or restart pipelines for that given tag. It is possible to add all people that should have permissions to start or retry pipelines to the protected tag permissions, but this also allows them to create protected tags. What I want is that people can start or restart pipelines/jobs for a tag but restrict creating a protected tag.
This may be related to the comment made here to decouple the retry permission from triggering a pipeline