An issue we have come across when using deployment pipelines is that often businesses want to use them to restrict manual uncontrolled deployments or changes in production.

However, since those with access to run the pipeline must have access to edit content in the workspace they are deploying to, there is nothing to stop them modifying the models or reports in the production environment, which would result in these being out of sync with other environments.

The deployment pipelines are currently acting as an aid for deployment, rather than providing governance and control over it.

Is there any possibility in the future to enable an option when setting up a deployment pipeline that prevents changes to higher environments through any methods other than through the correct deployment pipeline process?

i.e. when a change is made, it has to be deployed to dev, and then can only be pushed to test and prod through the pipeline