-
-
Notifications
You must be signed in to change notification settings - Fork 130
Description
What feature do you want to see added?
I would like to disable the ability to trigger "branch scanning" on a multibranch pipeline. i.e. revoke it from users; it's fine if admins can do it.
I can't disable branch scanning without revoking Item.Build permission.
Item.Build permission is desirable for children jobs like branches, pull requests, and tags for a multibranch pipeline job.
Users with Item.Build can start a branch scan which might have 10s of thousands of references scanning a single repo.
Maybe multibranch pipelines and organization job types need a separate Item.Build permission. Or maybe I can revoke user access HTTP access from /build on folder job types.
I'm not really sure of a good path forward for this.
Another idea would be a job configuration trait which propagates permissions to child jobs but does not apply to the parent job.
Upstream changes
No response
Are you interested in contributing this feature?
I'm not sure where to start for this kind of request.