No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@U04V2CHJPU7> As shared on our call last week! Pulumi Enterprise and Business Critical supports RBAC to manage which users can see and/or update stacks. Thus, you can specify groups of one or more users and the stack(s) they have permission to read or write/update.

<@U04V2CHJPU7> one idea is to use a CI job (e.g. triggered by a Pull Request) to generate the preview.  In this way, GitHub would control the access.
<https://www.pulumi.com/docs/guides/continuous-delivery/github-actions/#pull-request-flow>

Also we have built rbac in the open-source version of pulumi in our commercial product qmcloud.

<@U04V2CHJPU7> One idea  you can use diffrent key of Cloud provider， when you  member up this resource ， they will Failed. I think if they just preview, it will be success!

<@USTE6PYRH> that is what I did, but I dont want to entirely disable people from preview I think it hurts productivity.

<@U046PTMB3PA> I dont think I understand you, can you say it again? thanks

<@U04V2CHJPU7> Are you Chinese? Sorry, my English is not very good. Regarding your question, I don’t think Pulumi currently offers this feature. However, you can try the following approach: For example, if you manage resources on AWS through Pulumi, you can assign different AWS access keys (AK) and secret keys (SK) to members of your team. By using different AKs and SKs, you can differentiate permissions. If a team member does not have permission to create new resources, I believe the Pulumi “up” command will fail, but the “preview” command should work without issue. You can give it a try.

<@U046PTMB3PA> Yes, I am Chinese. This is a interesting idea, I will give it a try, think you!