We’ve set up automations to manage module updates at the root level, which helped reduce the number of people who need admin access to the root space. However, one issue remains:
Right now, confirming a run before plan/apply (the "commit approval") requires root-level admin privileges. We’d prefer if this approval could be handled with a separate scoped permission or role, so we don’t need anyone to have persistent admin access.
This would help us better align with least privilege access and compliance requirements and reduce audit complexity.
Ideally, it would work similarly to how we assign access to specific spaces or stacks today, without needing full admin rights at the root.
Please authenticate to join the conversation.
⚙️ In Progress
💡 Feature Requests
6 months ago
Get notified by email when there are changes.
⚙️ In Progress
💡 Feature Requests
6 months ago
Get notified by email when there are changes.