Reserve Manual Approvals to specific roles
You can now restrict which roles can issue manual approvals during the course of deployment. This helps you ensure that only authorized people are promoting changes to Production, and application owners are interacting with their own applications. To restrict approvals, you need to add a
requiresRoles field in the manual approval step and list the roles that can issue approvals. Organization Admins and respective tenant's Admins can issue approvals, even if those roles are not included in the
Users without the required role will have the approval functionality disabled and will see a message on which roles can issue approvals. More detailed documentation is in progress and will soon be up on our docs site.
targets: prod: account: demo-prod-cluster namespace: application-1 strategy: canary-20 constraints: beforeDeployment: - pause: untilApproved: true requiresRoles: ["Production Owner"] strategies: canary-20: canary: steps: - setWeight: weight: 20 - pause: untilApproved: true requiresRoles: ["sample-application-owners"]