Here's an easy one: I demoed Pulumi to my architecture guild. They loved it, but raised a few questions I couldn't answer. The biggest one was around user security of stacks. Let's say I have 4 stacks: 1. the personal dev stack of a devops who wants to test code on his/her own 2. the shared dev stack for a team, which gets updated once code goes to develop 3. the uat stack 4. the prod stack How can I protect stacks so that the dev can create / destroy 1, but our CICD pipeline manages the other 3? So the dev has rights to stack 1, but no rights to muss with stacks 2, 3, and 4?

The role-based access control features in the Pulumi Console were designed for this. https://www.pulumi.com/docs/intro/console/collaboration/stack-permissions/

Sick, that's exactly what I was after. Cheers.