summaryrefslogtreecommitdiff
path: root/doc/ci/environments/protected_environments.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/ci/environments/protected_environments.md')
-rw-r--r--doc/ci/environments/protected_environments.md35
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/ci/environments/protected_environments.md b/doc/ci/environments/protected_environments.md
index b6141ddc7ac..5dda0cc81f6 100644
--- a/doc/ci/environments/protected_environments.md
+++ b/doc/ci/environments/protected_environments.md
@@ -47,6 +47,37 @@ To protect an environment:
The protected environment will now appear in the list of protected environments.
+## Environment access by group membership
+
+A user may be granted access to protected environments as part of
+[group membership](../../user/group/index.md). Users with
+[Reporter permissions](../../user/permissions.md), can only be granted access to
+protected environments with this method.
+
+## Deployment branch access
+
+Users with [Developer permissions](../../user/permissions.md) can be granted
+access to a protected environment through any of these methods:
+
+- As an individual contributor, through a role.
+- Through a group membership.
+
+If the user also has push or merge access to the branch deployed on production,
+they have the following privileges:
+
+- [Stopping an environment](index.md#stopping-an-environment).
+- [Delete a stopped environment](index.md#delete-a-stopped-environment).
+- [Create an environment terminal](index.md#web-terminals).
+
+## Deployment-only access to protected environments
+
+Users granted access to a protected environment, but not push or merge access
+to the branch deployed to it, are only granted access to deploy the environment.
+
+NOTE: **Note:**
+Deployment-only access is the only possible access level for users with
+[Reporter permissions](../../user/permissions.md).
+
## Modifying and unprotecting environments
Maintainers can:
@@ -55,6 +86,10 @@ Maintainers can:
**Allowed to Deploy** dropdown menu.
- Unprotect a protected environment by clicking the **Unprotect** button for that environment.
+NOTE: **Note:**
+After an environment is unprotected, all access entries are deleted and must
+be re-entered if the environment is re-protected.
+
For more information, see [Deployment safety](deployment_safety.md).
<!-- ## Troubleshooting
View Lorry Controller Status