Granular block step permissions using allowed_teams

You can now specify which teams are allowed to unblock a build, or submit an input step, using the allowed_teams field.

With this new field, you can separate the permission to create a build from the permission to unblock a build, allowing you to create more flexible access control policies.

For example, you may want to allow all engineers to create a build in your infrastructure pipeline, but only allow your platform engineering team to apply the changes:

steps:
  - label: "Plan"
    command: "terraform init && terraform plan -input=false -out=tfplan"
    plugins:
      - artifacts:
          upload: "tfplan"

  - block: "Apply changes?"
    allowed_teams: ["platform-engineering"]

  - label: "Apply"
    command: "terraform apply -input=false tfplan"
    plugins:
      - artifacts:
          download: "tfplan"

The allowed_teams field is also available on input steps:

steps:
  - input: "🔮"
    allowed_teams: "wizards"
    fields:
      - text: "What spell would you like to cast?"
        key: "spell-of-the-day"

For more information, see the documentation for block steps and input steps.

Scale-Out Delivery Platform→

Capabilities

Pipelines→

Test Engine→

Package Registries→

Mobile Delivery Cloud→

Bring your own compute

Hosted compute

Replace Jenkins

Workflows for AI/ML

Testing at scale

Monorepo mojo

Bazel orchestration

Example pipelines

Webinars

Blog

Public pipelines

Case studies

Events

Follow Buildkite

About

Careers

Follow Buildkite

Granular block step permissions using allowed_teams

David

Start turning complexity into an advantage

Platform

Hosting options

Resources

Company

Solutions

Legal

Support