Overview
To ensure only a specific team can approve flag changes, rather than allowing all members with the writer
role to do so, you can set up an approval team.
Solution
1. Create a custom role
You need to create a new team in LaunchDarkly with a custom role that allows the following actions:
-
reviewApprovalRequest
: Grants permission to review flag approval requests. -
deleteApprovalRequest
: Allows deleting flag approval requests.
Example:
[
{
"effect": "allow",
"actions": [
"reviewApprovalRequest",
"deleteApprovalRequest"
],
"resources": ["proj/*:env/*:flag/*"]
}
]
After creating this custom role, assign it to the appropriate team or individual members. For more information on custom role actions, read Using actions.
2. Restrict actions for other roles
To prevent other members from approving flag changes, ensure that the following actions are disallowed for other roles:
reviewApprovalRequest
deleteApprovalRequest
bypassRequiredApproval
3. Modify the writer role
By default, members with the writer
role can make changes without requiring approvals. To prevent this, you need to create a new writer-like role. Ensure this new role denies the following actions:
reviewApprovalRequest
bypassRequiredApproval
Resources