Security: Prevent or prompt for modifications to collection rules with existing deployments
We now have deployment verification to prevent damaging deployments from being created, but that doesn't stop existing deployments from being deployed accidentally.
It would be great to prevent or at least prompt for any modifications to collection membership rules (large number of direct adds, include, query) when the collection already has an existing deployment.
Yes, I don’t want custom role users to be able to add collections into other collections; we should be able to limit it to just machines\users. So think of it like this: separate the RBAC rights for the selected items feature from the add resources feature. This is so critical. Does this explanation make more sense?
To be useful, this would really also need to include checks for include/exclude membership rules - collections don't always directly have something deployed to them but a collection they're included in may well do.
Make this a hierarchy setting and allow the action to disable the Deployments if so desired.
Jörgen Nilsson commented
Totally agree! Was about to post the same idea.