Restricting builds from untrusted branches, avoiding bad actors deploying to production

Hi – how do I restrict the developer accounts from being able to run builds that trigger production deployments?

That or (feature request) – can we have accounts that can view the build logs but not trigger builds via the UI?



The first thing that comes to mind is to assign roles. The “Testers/QA” role only allows the user to view builds. You can find out more information about roles at:

Another option would be to use manual approval for PR builds. Info on setting this up can be found at:

Hope this helps!