Reputation: 3032
how to lock down release pipepline Azure Devops Server
I have a requirement to prevent changes to the part of a release pipeline that releases to databases.
in my release pipeline, I have 2 release agent jobs, one for the database, one for the application. The agentpool that runs the database release has (necessarily) sysadmin perms on Prod servers, and I want to make sure that no-one (other than DBA's) have access to change that part AgentJob in the pipeline. (but still have others make changes to other parts of the job)
Currently I've limited agent pool with perms to the DBA team, but when the other devs view the pipeline, it shows errors because they dont have perms to the pools that can deploy the db (and as such cannot update any part of the pipeline)
Upvotes: 2
Views: 356
Answers (1)
Reputation: 35
@Trubs, I believe you are talking about stage level security. You can easily protect your production stage by setting proper pipeline stage security Specify stages
Devs will see a message like below
Upvotes: 1
Related Questions
- DevOps - Disabling stages in a release pipeline
- Azure DevOps Releases - Avoid the stage approval when the release starts on scheduling
- Azure DevOps: Ensure Production stage can only be released from the master branch of the repository
- Azure DevOps not to trigger release automatically
- How do I restrict pipeline triggering
- Prevent parallel execution of same release pipeline in Azure DevOps
- Indefinitely retain release and build
- Release management: How to secure?
- Prevent automatic deployment on manual release definition creation
- How to restrict access to Pipelines in Azure DevOps