Restricting builds from untrusted branches, avoiding bad actors deploying to production

Hi – how do I restrict the developer accounts from being able to run builds that trigger production deployments?

That or (feature request) – can we have accounts that can view the build logs but not trigger builds via the UI?

Thanks.

Hello,

The first thing that comes to mind is to assign roles. The “Testers/QA” role only allows the user to view builds. You can find out more information about roles at:

Another option would be to use manual approval for PR builds. Info on setting this up can be found at:

Hope this helps!