Just a comment - I think the permissions model should allow non WRITE users to run previews

That’s good feedback, and something that’s come up before. I’ll file an issue in our private Pulumi Service repo and try to get this fixed in the next few weeks.

ok cool! I realize it write things to the api because you see stack previews there. But for command line safety + dev iteration it would be great to preview

I think a badly implemented custom resource or dynamic resource still can cause changes, so I would do that carefully