How do I restrict run promotion access to specific roles?

Last updated: July 14, 2025

Context

When managing infrastructure deployments, organizations often want to control who can promote runs in different environments. For example, you may want platform engineers or administrators to have promotion capabilities across all stacks, while limiting other developers to only promote runs in specific environments like staging.

Answer

Currently, there is no direct way to restrict the run promotion capability to specific roles. However, there are two possible workarounds using policies:

Option 1: Using Plan and Approval Policies

  1. Configure a plan policy to set proposed runs into a pending review state

  2. Set up an approval policy that only allows specific users to approve after the planning stage

  3. The "promote" option will only become available after approval

Option 2: Using Approval Policies for Run Creation

  1. When a user clicks the promote button, they become the run creator

  2. Set up an approval policy that checks the run creator against an allowed list of users

  3. The policy can automatically approve or deny the run based on the creator's identity
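A sketch of the Option 2 approval policy, added here as an illustration and not taken from Spacelift's own documentation. It assumes the approval policy input exposes `input.run.creator_session.login`, `input.run.type`, `input.run.state` and `input.stack.labels`; the logins and the `env:staging` label are constructed placeholders, so check the field names against the policy input sample in your account before attaching it.

```rego
package spacelift

# Constructed sample logins; replace with the identities used in your account.
# Platform engineers / administrators: may promote on any stack.
promoters_all := {"platform-alice", "platform-bob"}

# Developers: may promote only on stacks labelled as staging.
promoters_staging := {"dev-carol"}

# Assumption: the user who clicked "promote" is recorded as the run creator.
creator := input.run.creator_session.login

# Assumption: environments are marked with a stack label such as "env:staging".
is_staging {
	input.stack.labels[_] == "env:staging"
}

allowed {
	promoters_all[creator]
}

allowed {
	is_staging
	promoters_staging[creator]
}

# Gate tracked runs while they wait in the queue. This covers every
# tracked run on the stack, not only promoted ones.
gated {
	input.run.type == "TRACKED"
	input.run.state == "QUEUED"
}

# Runs outside the gate pass through untouched.
approve { not gated }

# Inside the gate, the decision depends only on the creator's identity.
approve { gated; allowed }

# Fail closed: a creator that is missing or not on a list is rejected.
reject { gated; not allowed }
```

Because the allow lists live in the policy body, keep the policy under version control and review changes to it as you would any other access-control change.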

Note: These are temporary workarounds and may add overhead to your workflow. For more granular control over run promotion permissions, you can submit a feature request on the Spacelift feedback portal.