1. Using Visual Builder Studio
  2. Common Tasks
  3. Build Your Applications
  4. Run Jobs in a Pipeline
  5. Protect Your Pipeline: Restrict Who Can Start It Manually or Edit Its Configuration

Protect Your Pipeline: Restrict Who Can Start It Manually or Edit Its Configuration

If you want to prevent unauthorized users from manually starting your pipeline or editing (and changing) its configuration, you can impose those restrictions from the Pipeline Protection tab on the Project Administration Builds page:

  1. In the left navigator, click Project Administration Project Administration.
  2. Click Builds.
  3. Click the Pipeline Protection tab.
  4. From the pipelines list, select the pipeline.

    If your project has many pipelines, you may have difficulty finding the specific pipeline you want to protect. Use the Search Search icon bar to quickly locate the pipeline to which you want to add the restricted settings.

    If a pipeline in the list of pipelines to the left has a lock icon Lock icon next to it, it has already been protected. A protected pipeline's restrictions can still be modified, removed, or the list of authorized users and groups can still be changed.

    The Protection Settings dialog box is displayed.


    Description of pipeline-protection-default-setting.png follows
    Description of the illustration pipeline-protection-default-setting.png

  5. Select the RESTRICTED option.


    Description of pipeline-protection-edit-restricted-setting.png follows
    Description of the illustration pipeline-protection-edit-restricted-setting.png

    With this setting, only authorized users and groups will be allowed to edit the pipeline configuration.

  6. Click in the Authorized Users/Groups field to display a dialog that lists the project's Groups and Users you can select from.

    Under Users, you can see a flattened list of all users that are members of the group(s) as well as ones that were added individually. For example, the dev-group members (Clara Coder, Don Developer, and Tina Testsuite) appear in the Users list, along with Alex Admin, who was added individually. From the list, select one or more groups and/or users. Don't forget to add yourself.


    Description of authorized-groups-and-users.png follows
    Description of the illustration authorized-groups-and-users.png

    Note:

    Users in Oracle Cloud Application environments that have multiple VB Studio instances in different identity stripes have username strings that include the environment name, where that user has been defined. Since a unique user may have been defined for multiple environments, this format ensures that one identity can be distinguished from that user's other unique identities. This should help you select the correct user to add.

    Alex Admin was selected.
    Description of pipeline-protection-authorized-users.png follows
    Description of the illustration pipeline-protection-authorized-users.png

  7. Select the Allow any member of the project to manually start this pipeline checkbox to leave the restriction for editing the pipeline by authorized users and groups in place but lift the restriction on who can manually start the pipeline.


    Description of pipeline-protection-checkbox-checked.png follows
    Description of the illustration pipeline-protection-checkbox-checked.png

    If you select this checkbox, any project member with sufficient privileges can start the pipeline manually, even if they haven't been specified as an authorized user or are a member of a group that has been authorized. This effectively cancels any previous restriction for starting or running the pipeline manually.

  8. Click Save.

When a pipeline is protected, the Pipeline Details page won't show the Configure and Delete buttons to unauthorized users for protected pipelines and the Configure Pipeline option in the Actions Action menu menu on the Pipelines page won't be available. However, an unauthorized user could still inadvertently access a protected pipeline, perhaps by using a bookmarked URL that was saved before the user lost access, and this is what they'll see:
Description of pipeline-protection-error.png follows
Description of the illustration pipeline-protection-error.png

The lock icon Lock iconin the Private column in the list of pipelines on the Pipelines page identifies protected pipelines.

The project's activity feed shows all edit-restricting activities, thereby providing a historical record of showing how the pipeline was protected. The pipeline log also records these protective activities and provides a historical accounting that can be referred to later, if needed.

Tip:

Protecting the pipeline prevents unauthorized users from editing the configuration but it does not prevent anyone from running the pipeline. The only way to limit that is to protect the initial job (the one that follows the Start node) by changing its Job Protection Settings to Private. That way, if the job is triggered in a pipeline by an unauthorized user or group, it won't be initiated. By default, the Job Protection settings don't allow commits and triggers to start a private job. You may, however, click the Allow commits and triggers to start this private job button to allow the job to be initiated if it is triggered by an SCM commit or by a timer. See Configure Job Protection Settings for more information.