summaryrefslogtreecommitdiff
path: root/doc/ci/environments/protected_environments.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/ci/environments/protected_environments.md')
-rw-r--r--doc/ci/environments/protected_environments.md39
1 files changed, 20 insertions, 19 deletions
diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md
index 9bc3c97837c..3cd4ebdbdf1 100644
--- a/doc/ci/environments/protected_environments.md
+++ b/doc/ci/environments/protected_environments.md
@@ -30,18 +30,19 @@ To protect, update, or unprotect an environment, you need to have at least the
To protect an environment:
-1. Navigate to your project's **Settings > CI/CD**.
-1. Expand the **Protected environments** section.
-1. From the **Environment** dropdown menu, select the environment you want to protect.
-1. In the **Allowed to Deploy** dropdown menu, select the role, users, or groups you
+1. On the top bar, select **Menu > Projects** and find your project.
+1. On the left sidebar, select **Settings > CI/CD**.
+1. Expand **Protected environments**.
+1. From the **Environment** list, select the environment you want to protect.
+1. In the **Allowed to deploy** list, select the role, users, or groups you
want to give deploy access to. Keep in mind that:
- There are two roles to choose from:
- - **Maintainers**: Allows access to all maintainers in the project.
- - **Developers**: Allows access to all maintainers and all developers in the project.
- - You can only select groups that are already associated with the project.
- - Only users that have at least the Developer role appear in
- the **Allowed to Deploy** dropdown menu.
-1. Click the **Protect** button.
+ - **Maintainers**: Allows access to all of the project's users with the Maintainer role.
+ - **Developers**: Allows access to all of the project's users with the Maintainer and Developer role.
+ - You can select groups that are already associated with the project only.
+ - Users must have at least the Developer role to appear in
+ the **Allowed to deploy** list.
+1. Select **Protect**.
The protected environment now appears in the list of protected environments.
@@ -121,7 +122,7 @@ access to a protected environment through any of these methods:
If the user also has push or merge access to the branch deployed on production,
they have the following privileges:
-- [Stopping an environment](index.md#stopping-an-environment).
+- [Stop an environment](index.md#stop-an-environment).
- [Delete a stopped environment](index.md#delete-a-stopped-environment).
- [Create an environment terminal](index.md#web-terminals).
@@ -134,10 +135,10 @@ appears in the dropdown menu for deployment-only access.
To add deployment-only access:
-1. Add a group with Reporter permissions.
-1. Add user(s) to the group.
+1. Add a group with the Reporter role.
+1. Add users to the group.
1. Invite the group to be a project member.
-1. Follow the steps outlined in [Protecting Environments](#protecting-environments).
+1. Follow the steps in [Protecting Environments](#protecting-environments).
Note that deployment-only access is the only possible access level for groups with [Reporter permissions](../../user/permissions.md).
@@ -163,7 +164,7 @@ For more information, see [Deployment safety](deployment_safety.md).
> - To use in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-group-level-protected-environments). **(FREE SELF)**
This in-development feature might not be available for your use. There can be
-[risks when enabling features still in development](../../user/feature_flags.md#risks-when-enabling-features-still-in-development).
+[risks when enabling features still in development](../../administration/feature_flags.md#risks-when-enabling-features-still-in-development).
Refer to this feature's version history for more details.
Typically, large enterprise organizations have an explicit permission boundary
@@ -214,7 +215,7 @@ configured:
- Operators should be assigned the [maintainer role](../../user/permissions.md)
(or above) to the top-level group. They can maintain CI/CD configurations for
the higher environments (such as production) in the group-level settings page,
- wnich includes group-level protected environments,
+ which includes group-level protected environments,
[group-level runners](../runners/runners_scope.md#group-runners),
[group-level clusters](../../user/group/clusters/index.md), etc. Those
configurations are inherited to the child projects as read-only entries.
@@ -231,9 +232,9 @@ configured:
cannot override it.
- [Project-level protected environments](#protecting-environments) can be
combined with the group-level setting. If both group-level and project-level
- environment configurations exist, the user must be allowed in **both**
- rulesets in order to run a deployment job.
- - Within a project or a sub-group of the top-level group, developers can be
+ environment configurations exist, to run a deployment job, the user must be allowed in **both**
+ rulesets.
+ - In a project or a subgroup of the top-level group, developers can be
safely assigned the Maintainer role to tune their lower environments (such
as `testing`).
View Lorry Controller Status