Hi. Is there a recommended git ops workflow best practice for teams which don't want developers to directly submit flows with an agent?

Hi @Ian Fridge - Thanks for the question! Let me check I understand - Are you wanting a way to prevent developers from running a flow without approval?

Yeah, The goal is to have a jenkins workflow which submits the job after automated tests have been run. We would like developers to be able to log in to the UI and view the status of flows. We would like the only way to submit tasks to the scheduler to be done via jenkins.

Hey Ian - Prefect Server does not have any concept of permissions or authorization, so you’d likely need to craft a custom configuration of some kind. My recommendation would be to use Prefect Cloud (which has role based access): you could configure your CICD pipeline to register your Flows with an appropriately scoped token, and you only give your developers READ ONLY roles

Thanks!

Absolutely! A big feature of Prefect Cloud is that your code and execution environment are entirely in your control. For more (high level) details, check out this blog post: https://medium.com/the-prefect-blog/the-prefect-hybrid-model-1b70c7fd296

Thanks! That sounds like it will work perfectly for our needs.