Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
57d1253c
Commit
57d1253c
authored
Mar 10, 2022
by
Shinya Maeda
Committed by
Russell Dickenson
Mar 10, 2022
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improve the readability of Group-level Protected Environment document
parent
9d73045f
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
3 additions
and
10 deletions
+3
-10
doc/ci/environments/protected_environments.md
doc/ci/environments/protected_environments.md
+3
-10
No files found.
doc/ci/environments/protected_environments.md
View file @
57d1253c
...
...
@@ -163,9 +163,8 @@ For more information, see [Deployment safety](deployment_safety.md).
Typically, large enterprise organizations have an explicit permission boundary
between
[
developers and operators
](
https://about.gitlab.com/topics/devops/
)
.
Developers build and test their code, and operators deploy and monitor the
application. With group-level protected environments, the permission of each
group is carefully configured in order to prevent unauthorized access and
maintain proper separation of duty. Group-level protected environments
application. With group-level protected environments, operators can
restrict access to critical environments from developers. Group-level protected environments
extend the
[
project-level protected environments
](
#protecting-environments
)
to the group-level.
...
...
@@ -194,12 +193,6 @@ and are protected at the same time.
### Configure group-level memberships
In an enterprise organization, with thousands of projects under a single group,
ensuring that all of the
[
project-level protected environments
](
#protecting-environments
)
are properly configured is not a scalable solution. For example, a developer
might gain privileged access to a higher environment when they are given the Maintainer role
for a new project. Group-level protected environments can be a solution in this situation.
To maximize the effectiveness of group-level protected environments,
[
group-level memberships
](
../../user/group/index.md
)
must be correctly
configured:
...
...
@@ -237,7 +230,7 @@ Having this configuration in place:
-
If a user is about to run a deployment job in a project but disallowed to
deploy to the environment, the deployment job fails with an error message.
### Protect
a group-level environment
### Protect
critical environments under a group
To protect a group-level environment:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment