Added Promotion Approval Snap + Artifact Approver role

devtron-labs · ashokdevtron · May 20, 2024 · Mar 7, 2024 · Mar 7, 2024 · Mar 7, 2024
commit 88ee29ebc5d14866957f284dfb8bd41c94a5738f
@@ -53,7 +53,7 @@ If an image matches both pass and fail conditions, the priority of the fail cond
 If you don't define both pass and fail conditions, all images will be eligible for promotion.
 {% endhint %}  
 
-6. (Optional) If required, you can setup approval requirements for this policy. If **Approval for Image Promotion Policy** is enabled, an [approval will be required for an image]((#approving-image-promotion-request)) to be directly promoted to the target environment. Only the users having 'Image Promotion Approver' role (for the application and environment) will be able to approve the image promotion request.
+6. (Optional) If required, you can setup approval requirements for this policy. If **Approval for Image Promotion Policy** is enabled, an [approval will be required for an image]((#approving-image-promotion-request)) to be directly promoted to the target environment. Only the users having 'Artifact Approver' role (for the application and environment) will be able to approve the image promotion request.
 
  * **Number of Approvals (1-6)**: Specify the number of approvals required to promote an image. This can vary from one approval (minimum) to six approvals (maximum).
 
@@ -136,7 +136,7 @@ In case you have configured [SES or SMTP on Devtron](../global-configurations/ma
 
 {% hint style="warning" %}
 ### Who Can Perform This Action?
-User needs to be a direct promotion approver or a super-admin to approve an image promotion request.
+Only the users having [Artifact approver](./user-access.md#role-based-access-levels) (for the application and environment) or superadmin permissions will be able to approve the image promotion request.
 {% endhint %} 
 
 1. Go to the **Build & Deploy** tab of your application.
@@ -159,7 +159,9 @@ You can also use the **Show requests** dropdown to filter the image promotion re
 
 ![Figure 7: Show Env-specific Promotion Requests](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/image-promotion/show-requests.jpg)
 
-show-requests.jpg
+If there are pending promotion requests, you can approve them as shown below:
+
+![Figure 8: Approving Image Promotion Requests](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/image-promotion/image-promo-approval.gif)
 
 ### Deploying a Promoted Image
 
@@ -174,9 +176,8 @@ However, a promoted image does not automatically qualify as a deployable image.
 
 In the **Build & Deploy** tab of your application, click **Select Image** for the CD pipeline, and choose your promoted image for deployment.
 
-![Figure 8: Deploying Promoted Image](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/image-promotion/deploying-promoted-image.jpg)
+![Figure 9: Deploying Promoted Image](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/image-promotion/deploying-promoted-image.jpg)
 
 You can check the deployment of promoted images in the **Deployment History** of your application. It will also indicate the pipeline from which the image was promoted and deployed to the target environment.
 
-![Figure 9: Deployment History - Checking Image Source](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/image-promotion/promoted-image-deploy-log.jpg)
-
+![Figure 10: Deployment History - Checking Image Source](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/image-promotion/promoted-image-deploy-log.jpg)
@@ -18,7 +18,10 @@ Devtron supports 5 levels of access:
 3. **Admin**: Users with `admin` privileges can create, edit, delete, and view permitted applications in permitted projects.
 4. **Manager**: Users with `manager` privileges can do everything that an `admin` user can do. Additionally, they can also give and revoke access of users for the applications and environments of which they are the manager.
 5. **Super Admin**: Users with `super admin` privileges have unrestricted access to all the Devtron resources. Super Admins can create, modify, delete and view any Devtron resource without any restriction; it's like Superman without the weakness of Kryptonite. Moreover, they can add and delete user access across any Devtron resource, add delete git repository credentials, container registry credentials, cluster, and environment.
-6. **Approver**: Users with `approver` privileges have the authority to approve requests for image deployment. However, the user who built the image and/or requested approval cannot self-approve, even if they have approver or super-admin privileges.
+6. **Image approver**: Users with `Image approver` privileges have the authority to approve requests for image deployment. However, the user who built the image and/or requested approval cannot self-approve, even if they have approver or super-admin privileges.
+7. **Configuration approver**: Users with `Configuration approver` privileges have the authority to approve changes to protected configurations of Deployment Template, ConfigMaps, and Secrets. However, the user who proposed the changes cannot self-approve, even if they have configuration approver or super-admin privileges.
+8. **Artifact promoter**: Users with this privilege have the authority to approve promotion of [artifacts](../../reference/glossary.md#artifacts) directly to the target CD pipeline.
+
 
 ## User Roles And Permissions