►
A
B
B
So
one
thing
I
guess
actually
mikhail.
You
were
part
of
this
meeting
here.
That
victor
is
mentioning
the.
B
Life
yeah,
he
said
you
met
with
emre
farquhas.
C
B
About
personal
access
to
opinion,
service
accounts
and
all
of
that.
C
C
Yes,
service
accounts
would
be
perfect
much,
but
they
are
not
scheduled.
Work
on
them
is
not
scheduled,
and
nobody
knows
when
that
will
happen
and
it
might
take
up
to-
or
at
least
three
milestones.
C
So
basically,
we
are
not
waiting
for
them
and
alternatives
that
he
suggested
also
don't
work
for
us
so
like
we
have
to
roll
our
own
solution.
Basically
database
based
most
likely
because
because
of
groups.
A
And
additionally,
it's
premium
feature
as
well
right
and
there
is
a
requirement
that
you
need
to
do
something
for
core
that
cords.
Okay,.
D
Yeah,
so
my
idea
was,
since
we
can't
use
well
since
we're
unable
to
use
an
external
file.
This
is
all
on
the
assumption
that
it's
being
group
level,
we
can't
use
anything
in
a
repo,
and
so
we've
got
a
fairly
similar,
similar
process
at
the
moment
where
we
receive
configuration
from
caz
about
ci
access-
and
this
is
actually
very
similar-
I
was
thinking
we
could
extend
this
to
work
as
a
double
opt-in
mechanism
for
github's
access.
D
D
That
way,
we
can
show
them
in
a
ui
somewhere
on
project
and
group
level.
Someone
can
approve
them
and
then,
once
they're
approved,
when
the
check
is
performed,
whether
a
agent
has
access
to
a
project.
We
can
just
look
for
the
presence
of
an
approved
record
here
for
the
project
or
the
group,
a
group
above
it,
and
this
is
simpler
than
ci
access,
because
we
don't
have
any
of
the
performance
problems
that
we
had
to
kind
of
put
in
place.
Restrictions
for
in
ci
access.
D
D
A
Yeah,
that's
I
really
like
this
idea.
I
think
it's
a
very
nice
user
experience
and
then
I
was
trying
to
understand
all
the
concepts
and
whether
we
and
how
much
we
could
reuse
what
we
currently
have.
A
So,
if
understood
correctly,
like
I
said
as
soon
as
someone
at
edits
the
agent
config,
this
will
dispatch
like
a
record
in
a
database
which
is
like
a
access
request
and
then,
when
someone
approves
the
access
request,
I
was
thinking
this
could
be
like
the
same
that
we
have
nowadays.
So
it's
just
like
it
would
add
authoritization
record
to
the
database
on
the
group-
authorization
for
instance
table
and
then
it's
all
the
same.
D
Yeah,
so
that
would
totally
work
for
get
ops
and
the
issue
with
ci
access
is
the
performance
problem
I
mean
for
a
small
group,
it
absolutely
would
work,
but
we
would
have
to
test
it
out.
I'm
sure,
there's
some
groups
out
there
with
huge
numbers
of
projects
and
the
problem
with
this
is
they
are
every
project.
Is
a
potential
agent
configuration
project?
Obviously
not
a
lot
of
them
will
be,
but
it
doesn't
really
help
with
the
search.
So
we
can
try,
but
we
might.
D
I
think
we
might
run
into
problems
for
very
large
groups,
but
it's
probably
still
solvable.
So
I
don't
think
that
should
block
us
here.
A
And
there's
also
a
follow-up
question
that
I
didn't
write
if
you
allow
me
to
to
keep
the
discussion
going
here,
because
there
is
this
like
requirement
where
we
expect
that
it
works
exactly
like
this.
What
to
exclaim
explain
right
now
for
projects
that
would
be
like
under
a
certain
route
level
name
space,
and
then
the
agent
can
be
configured
to
anyone
under
that
root
level.
A
Namespace
like
because
that's
like
a
company
that
has
like
a
sas
usage
of
gitlab,
then
they
would
have
like
the
root
name
space,
but
for
a
self-managed
they
wouldn't
have
the
the
root
level.
I
think,
right
to
the
heat,
you
could
have
like
anyone
giving
access
to
anyone
on
different
name
spaces.
A
So
would
this
be
yet?
We
would
have
to
work
yet
on
something
different.
That's
even
more
broad
that,
like
checks
for
authentication
for
everyone,
then.
D
Yeah,
so
this
is
where
it
got
a
bit
unclear.
Technically,
it
would
still
work,
but
it
feels
wrong
to
have
to
be
able
to
just
link
these
things
completely
with
it
without
some
kind
of
other
process
in
place
so
yeah.
I
think
the
process
would
still
be
the
same,
but
we
would
need
another
layer
on
top
for
determining
if
the
group
or
determining
the
access
between
them,
even
though
it's
self-managed,
we
can't
assume
that
access
will
be
implicit.
D
So
I
think
there
does
need
to
be
another
layer
and
tokens
seem
like
a
good,
a
good
idea,
but
then
I've
just
seen
that
they
are
not
for
free.
So
I'm
still
not
sure
what
the
solution
there
is.
A
D
I
I
well,
I
think
so,
even
if
you
so
assuming
self-managed,
it
doesn't
necessarily
imply
that
one
company
right
or
one
set
of
users
that
should
have
access
to
everything,
and
I
thought
it
would
be
odd
if
you
had
two
top-level
name
spaces
on
self-managed
and
you
could
fill
an
authorization
screen
from
one
in
one
group
from
a
completely
different
top
level
space
with
users
that
aren't
common
between
them.
They
could
be
completely
separate.
D
So
I
think
the
self-managed
doesn't
necessarily
imply
same
company,
because
there
are
things
like
you
know:
open
source
projects
that
use
the
gitlab
for
many
different
things
and
you
they
still
have
open
sign
up
so
yeah.
I
think
it
might
need
something
else,
so
that
mainly
so
we
can't
just
have
we
don't
get
groups
that
get
spammed
with
also
authorization
requests
from
groups
that
have
no
relation
to
whatsoever,
but.
C
B
C
D
Oh,
I
was
gonna
say
it
would
be,
it
would
be
frustrating
as
a
group
owner
to
just
have
constant
requests
coming
in
that
you
knew
nothing
about
and
were
never
planning
on
accepting,
and
you
just
had
pages
and
pages
of
them
that
you
had
to
sift
through
to
use
your
own
to
accept
your
own
requests.
You.
C
A
But
I
also
like,
I
think
the
query
for
ci
will
be
even
crazier
if
we
allow
for
anyone
even
outside
of
the
root
level.
Namespace
right,
the
query
is
even
more
challenging
because
now
it's
suddenly
everyone.
So
it's
if
you
have
some
kind
of
different
authorization,
that's
more
like
one-to-one
thing.
You
know
then
yeah
yeah,
something
that
you
can
collect
the
list
of
authorizations
for
that
agent
if
this
is
recorded
somewhere
for
that
project.
If
this
is
recorded.
D
Yeah,
so
it's
slightly
separate
slightly
different.
We
might
end
up
needing
to
keep
the
distinction
between
them
and
have
keep
the
restriction
in
ci
access
for
now,
which
is
the
must
be
part
of
the
hierarchy
but
yeah.
Well,
I
think
it
will
for
good
ops.
I
don't
think
we
have
this
problem.
A
Yeah,
that
said,
I
also
can
see
that
I
remember
that
this
was
the
specific
case
that,
for
that
issue,
that
we
have
where
the
title
is
something
like
ci
does
not
work
outside
of
the
project.
That's
exactly
what
they
want
yeah.
They
want
two
different
level
name
spaces,
giving
access
to
each
other.
B
B
I
wanted
to
just
come
back
a
little
bit
to
the
cross
group
thing
because
I
really
do
think
there
are
self-managed
instances
that
are
really
like
sas.
D
Maybe
it's
a
group
level
opt
out
and
if
you
toggle
this
flag,
then
your
group
cannot
be
cannot
be
configured.
You'll
never
have
requests
show,
but
I
can
also
see
if
the
next
feature
request.
On
top
of
that
will
be.
I
want
my
group
to
opt
out
of
every
thing
that
I
don't
know
about
ahead
of
time
and
then
we've
kind
of
gone
full
circle.
B
I've
even
received
spam
requests
to
some
of
my
projects
for
member
access,
and
they
worry
like
for
gitlab
projects,
even
like
some
people
are
like
hey,
give
me
developer
access
to
this
thing.
I've
seen
that
too
yeah
yeah.
So
I'm
wondering
if
there
is
a
solution
there,
like,
I
feel
like
with
users.
We
solve
it
by
just
banning
them.
A
A
that,
you
can
say,
do
not
accept
requests,
access,
requests
for
a
group
or
project.
C
A
The
idea
that
victor
had
was
is
this
the
same
thing
now,
I'm
thinking
there
is
a
bullet
somewhere
in
this
dock
that
we
talk
about,
allowing
everyone
by
default
could
be
like
a
first
iteration.
Was
this
for
you?
Can
you
remember
what
to
discuss.
B
Yeah
yeah
yeah,
so
this
is
something
that
victor
was
talking.
He
mentioned
this
in
respect
to
my
question
about
it
was.
It
was
basically
the
same
thing
I
was
thinking
like.
I
was
thinking
about
cross
group
requests
and
thinking
like
if
you
were
a
certain
level,
then
you
could
auto
like
we
would
need
to
approve,
because,
because
of
where
your
request
was
coming
from,
it
would
be
safe
to
auto,
approve
it.
B
But
in
response
to
that
point,
victor
said
that
he
wanted
core
to
not
have
approvals
at
all,
so
that
somewhat
actually
negates
the
whole.
Like
you
know,
gnome
kitty
debian,
all
of
those
would
be
core
and
they
would
not
have
approvals
at
all
like
they
would
just
auto,
have
auto
accepted
across
group
sharing.
A
I
think
I
think
we're
talking
by
about
self-managed,
I
think,
for
home.
We
want
yeah,
then
you
and
no
actually
for
dot
com.
So
if
you
dot
com,
you
have
the
your
company's
hierarchy
and
we
need
to
be
strict
about
the
company's
hierarchy
request.
So
when
you
try
to
request
something,
you
should
check,
is
it
under
your
hierarchy
or
not?
Otherwise,
you
failed
the
request.
Before
the
request
even
is
created,
you
fear
the
person
and
then,
if
you
add
some
something
that's
inside
of
your
company,
then
the
access
is
granted.
A
Actually
that
I
think
that
that's
the
idea
that
the
access
granted,
so
there
is
no
option
to
deny
it
that
that's
what
would
be
premium
like
saying,
I'm
I'm
opting
out
or
I
don't
want
auto
access
accepting,
but
considering
that
you're
inside
of
the
same
company
so
first
for
self
managed.
A
So
this
would
be
like
first
iteration.
I
think
that's
what
we
thought
so
because
it's
easier
to
start
and
create
less
work
in
dealing
with
with
settings,
so
self-manage
would
be
also
the
same.
Let's
understand,
but
can
we
can
it
be
the
same
if
you,
if
we
have
this
problem
of
not
being
the
same
company
for
self-managed,
if
you
have
more
than
one
company
self-managed
as
well,
then
the
requirements.
C
So
it's
influx
wise
wide
setting,
which
is
basically
enable
gitlab.com
mode
on
off
and
self-managed
customers
can
just
turn
it
on
or
off.
Is
that
what
you
are
suggesting.
B
Yeah
except
like
for
core,
so
I
made
a
point
bold
there
and
I
had
an
apac
thing.
So
it's
it's
this
point
here.
B
So
victor
thanks,
the
the
acceptor
deny
feature
for
when
you
share
act
like
so
when
you
request
the
git
ups,
access
that,
like
on
self
manage
it,
should
just
no
one
on
core
self
managed,
so
in
a
completely
free
self-managed.
It
should
just
be
auto,
accept
maybe
also
in
core
actually
maybe
also
on
free
on
github.com
within
single.
B
B
Yeah,
that's
a
that's
a
tricky
one.
Actually
the
project
can
be
public
and
then
different
parts
of
it.
You
can
make
any
part
of
it
private,
pretty
much.
C
C
B
So
I
think
your
file
based
error
I
wanted
to
get
back
to
because
we
were
talking
about
the
query
thing,
and
that
was
a
topic
that
was
kind
of
deferred
until
this
meeting,
which
is
the
the
table
structure
like
so,
should
there
be
one
table
with
multiple
columns,
so
one
for
request
and
one
for
acceptance
was
a
one
for
request
and
one
for
grant
or
one
or
should
that
be
two
tables
one
for
a
request
and
one
for
grants.
B
Lose
the
revocal
revocation
of
of
access.
Does
that
make
sense
so
when
an
agent
owner
says
like
I
had
previously
had
like
there's
access
currently
granted
and
I'm
revoking
it,
but
at
the
same
time
the
like
a
project
owner
that
was
being
given
access
accepts
it
so
that,
like
those
two
actions
happen
at
the
same
time,
we
want
to
make
sure
that
access
is
revoked,
no
matter
what.
C
B
B
This
is
nico's
questions.
Question
is
there?
Is
there
a
possible
race
condition
when
deletion
happens.
D
Yeah,
I
think
so,
for
what
I
think
this
do
we
have
this
problem
with
ci
access
anyway,.
B
Well,
no,
because
there's
no
acceptance
there,
there
is
a
delay
in
in
re-indexing.
D
Yeah
but
the
if,
if
the
if
a
commit,
has
gone
into
the
configuration
project
removing
access,
but
if
that
happens
at
the
same
time
that
we're
generating,
I
suppose,
would
generate
a
cube
config
that
can't
be
used
right.
C
Very
small
chance,
even
if
it's
not
a
small
chance,
it's
fine
because,
like
you
start
doing
things
and
then
you
lost
taxes
and
you
get
it.
You
know
an
error,
it's
fine,
and
even
if
you
not
get
you,
if
you
don't
get
an
error
immediately
as
long
as
you
do
get
it
eventually
in
some
reasonable
time
so
system
converges
on
some
stable
state
that
is
in
git
and
then
eventually
in
the
database,
then
it's
also
fine.
I
think
it's
all
good.
D
That
would
be
my
first
thought
and
if
we
were
really
wanted
to
crack
down
on
it,
I
think
we
could
have
caz
recheck
the
repository
after
it
receives
information
from
rails
when
it
asks
if
there's
access
and
rail
says
yes,
kaz
could
recheck
the
repository
and
see
if
that
was
still
there.
If
we
were
worried,
does
that
make
sense.
C
C
For
some
a
few
minutes,
I
don't
remember
and
just
to
speed
things
up,
because
every
extra
request
to
even
radius
is
a
network
open,
that's
terrible,
so
the
fewer
we
have
and
and
yeah
going
to
italy
to
check
something
on
disk
is
even
even
worse.
I
think
I
don't
think
it's
worth
it
like
it's
a
super
rare
thing
that
doesn't
actually
lead
to
any
terrible
consequences,
any
security
consequences
or
anything
actually
it
was
approved.
It
was
revoked
system
eventually
revoked
your
access,
it's
normal.
It
doesn't
have
to
be
like,
like
that.
You
know.
C
C
And
I
think
it
will
because
cost
each
time
it
gets
an
updated
commit
from
the
reposition,
even
not
even
an
updated,
commit
yeah
every
time
it
anyway.
It
sends
the
same
configuration
multiple
times
occasionally
in
certain
cases,
but
so
eventually
it
so
it
will
keep
spamming
basically
and
the
rails
if
it,
even
if
it
had
some
connectivity
problems
to
the
database
or
whatever,
was
unavailable
or
something
something
or
had
a
bug.
Eventually,
it
will
fix
the
database
and
eventually
the
access
will
be
revoked.
B
B
Yeah,
for
example,
like
you
know
like
I
think
I
think
both
of
those
can
work
and
we,
when
we
don't
have
to
necessarily
decide
that
you
know
like
that.
That's
something
that
we
could
even
leave
to
like
the
person
doing
the
work,
because
then
they're
closer
to
the
code.
A
Let's
just
remember
we
also
talked
about
if
you
want
to
weigh
in
as
well
on
how
do
we
represent
the
groups,
for
instance
on
the
agent
config
and
like
there
was
a
proposal
like,
for
instance,
right
now.
We
have
manifest
projects,
we
could
have
manifest
groups.
This
is
one
option
and
then
you
can
add
groups
there.
A
This
is
for
giving
access
to
agent.
I
think
as
though
so
yeah
so
not
manifest
project
wouldn't
make
sense
for
groups
right.
You
would
probably
put
on
the
ci.
C
B
B
By
listing
it
as
a
manifest
project
and
then
that
project
has
to
grant
access
for
ci
it's
different,
but
it's
still
circus,
because
then
there
you
can
list
the
group
and
grant
access
to
it.
And
if
we
want
the
ability
to
exclude
certain
agents
from
the
cube
config,
then
you
may
need
so
at
the
project
level.
You
may
need
to
go
up
and
look
just
like
when
we
eventually
populate
the
ci
jobs,
cube
config,
you
know
there.
B
We
look
at
all
the
groups
and
all
the
you
know
everything
that
granted
me
access
to
this,
like
every
all
the
agents
I
have
access
to.
We
need
to
show
that
also
to
the
user
so
that
they
can
say
no.
I
don't
want
my
engineers
to
be
able
to
deploy
here
and
here
and
here
if,
if
we
want
to
do
that,
but
that's
not
actually
what
we
should
be
discussing
now,
but
it's
still
like
relevant
it's
very
similar,
but
slightly
different.
A
But
also
for
manifest,
I
coming
back
now
as
well
like.
We
might
indeed
want
to
give
access
to
a
group.
I
think,
because
if
you
want
to,
I
think
that
was
the
idea,
at
least
when
we
were
discussing
this
morning,
because
if
you
have
like
a
yeah,
you
can
set
like
a
template
thing.
You
know
idea
and
ask
that
you
are
the
projects
under
that
group
create
manifests
under
a
certain
folder
or
something
like
that,
and
then
you
give
access
to
all
of
them
at
once.
A
Instead
of
having
to
give
access
to
each
one
of
them,
you
know
so
it
becomes
like
a
template
thing.
You
give
access
to
a
group,
that's
how
we
understood
at
least
allow
this.
Everyone
under
this
group
to
use,
manifests
githubs
and
then
every
project
has
to
put
the
folder
on
that
certain
specified
path.
That's
that's
how
I
understand.
B
So
then,
that
that
that's
a
good
point
actually,
but
should
then
so
that
means
the
agent
is
saying
I
want
like
convention
across
this
entire
group.
I
want
to
say,
if
you,
if
you
put
memphis
there,
then
you're
allowed
to
deploy
like
that.
B
But
then
the
question
is
should
so
you
say
I
allow
this
group
to
deploy
manifest
from
this
folder
or
just
a
deploy,
manifest
so
you're
kind
of
requesting
access
to
their
code,
but
then,
on
the
other
side,
who
is
it
that
grants?
Who
is
it?
That
proves
that?
Can
you
approve
it
at
a
group
level
or
does
each
project
have
to
opt
into
these
kinds
of
deployments
or
a
mixture.
A
E
A
C
So
I
have
brag
to
say
things
about
this
and
let
me
say
things
so:
first,
I
think
doing
the
grant
and
then
exclude
is
always
a
pain
in
the
butt
like.
Let's
not
do
that
for
any
feature.
It's
always
just
simpler
to
have
things
that
just
compose
that
additive
that,
like
airbag
or
like.
C
Oh
god,
how
is
it
anyway?
Airbag
is
a
good
enough
example.
When
things
just
add
up
and
that's
how
you
configure
things
so
adding
the
grant
and
then
opt-in
is
always
difficult
and
having
it
in
the
database
also
makes
it
difficult
than
to
query
because
you
have
to
consult
yet
another
thing
to
exclude,
you
know,
do
the
allow
this
block
list,
merge
them
and
just
difficult
and
slow,
potentially
and
then
another
thing
I
want
to
say
is
that
is
there
actually
are
there
actually
people
who
want
this
like?
Why
do
they
want
this?
C
How
many
people
are
there
who
want
this?
Like
point:
zero,
zero,
one
percent?
Let's
not
do
that.
Second,
another
thing
that
I
want
to
say:
even
if
there
are
people
with
this
use
case,
which
I
I'm
not
sure
maybe,
but
there
are
not
many
of
them-
they
should
probably
use
some
sort
of
scripting
to
automate
this
whole
thing
rather
than
us
building
this
automation
like
thing
on
top
as
part
of
the
product,
and
they
can
use
terraform
for
that.
C
A
C
Yeah,
I
still
think
that
it
it's
much
better
to
do
just
for
people
who
need
this
to
just
let
them
do
it
using
a
script
or
terraform,
and
then
they
get
more
flexibility
in
what
they
can
do
rather
than
us
building
this
for
a
very
rare
use
case.
It
just
complicates
everything
once
you
add
this
feature,
you
have
to
do
opt-outs
and
that's
it's
a
pandora's
box.
Basically,
I
think
we
should
definitely
not
do
it
in
the
first
iteration.
B
So
to
clarify
you
don't
want
to
build
if
you
don't
want
to
have
accommodations
for,
like
group
level,
get
ups.
A
B
B
E
C
B
Like
I,
I
can't
see
it
having
an
audience
because
autodevops
has
an
audience,
and
this
is
basically
lot
of
devops
with
githubs,
but
not
quite
because
it
doesn't
build
your
code
or
anything.
It
just
deploys
the
manifest
but
yeah
it's
like.
I
can
see
it
appealing
to
organizations
that
are
very
clamped
down
on
what
you're
allowed
to
do.
B
It's
it's
at
least,
not
something.
We
should
be
complicated
like
allowing
to
complicate
the
first
iteration.
B
Okay,
it's
like
the
problem
that
everyone
right
now
is
having
is
they
want
cross
group
or
and
private
like
private
project
access
and
all
that,
like?
That's,
that's
what
we
need
to
solve
right
now,
and
this
would
be
kind
of
hijacking
that,
with
with
an
extra
complexity,.
D
Okay,
I
just
so
I
saw
there's
a
point
in
the
ux
discussion
about
showing
the
path
and
the
response
from
victor
was
maybe,
after
it's
accepted,
we'll
show
the
path,
and
this
is
the
gitoff's
manifest
path.
I
would
expect
that
if,
in
your
agent
configuration
project,
you
changed
the
path
to
look
for
manifest.
B
D
B
D
I
agree
which
makes
sense
and
I
think
that's
fine.
We
just
need
to
experiment
with
showing
those
in
the
ui.
I
guess.
C
And
it's
not
only
the
log.
Well,
maybe
it
is
only
globes
at
the
moment,
but
potentially
you
know
it.
It's
the
whole
configuration
block
for
this
repository,
so
we
should
probably
like
hash
it
and
store
the
hash
and
then
later
compare
it
with
whatever
is
present
in
the
new
configuration,
that
is,
that
was
sent
by
class.
D
We
have
precedent
for
this
in
the
ci
access
as
well
ci
access
stores
the
access
as
configuration,
so
it's
pretty
similar
to
what
happens
there.
A
A
A
But
if
you
have
one
previously
approved-
and
you
add
one
more
glob.
C
C
So
what
I'm
saying
is
kind
of
no
okay
class
runs
in
the
because
it
is
kind
of
trusted.
So
it's
okay.
C
A
B
A
special
case
for
the
manifest
for
the
configuration
project
when,
like
that
one's
allowed
to
be
private,
because
you
know
it's
your
own
project,
I
do
have
a
thought
regarding
the
paths
does
the
does
it
need
to
be
unilateral,
so
you
know
the
agent
says
I
want
to
allow
you
to
deploy
these
paths,
but
they
can
just
put
a
star
you
know,
but
then,
and
that
that's
that's
in
a
way.
B
C
So
currently
agent
tells
cass
which
globs
it
wants.
C
D
It
could
be
that
the
approval
is
that
the
agent
can
access
this
project
and
it
might
not
have
anything
to
do
with
the
watch
files
specifically,
so
it
just
depends
what
we
want
to
go
with
and
that
way
the
approval
would
stand
for
any
future
updates.
So
we
could
pick
either.
I
don't
know
if
one's
more
correct
than
the
other.
C
We
need
to
ask
that
I
think
it's
a
kind
of
a
user
feature.
Ideally
it
should
be
as
simple
as
possible
and
just
has
access
to
this
project
is
hopefully
good
enough,
and
I
mean
you
are
deploying
your
stuff
into
this
kubernetes
cluster
that
is
owned
by
this
infrastructure
team.
So
you
don't
trust
them
like
you,
trust
them
to
run
your
application,
but
you
don't
trust
them
to
access
your
repository
like.
C
B
You
know
bike
shedding
or
where
there
may
be
technical
limitations
based
on
what
tools
they
are
using
outside
of
this
whole
thing,
you
know
they
might
have
to
put
manifests
three
levels
deep
because
of
something
something
you
know,
because
it
could
be
a
huge
monorepo
but
yeah.
I
don't
see
why
you
couldn't
just
ask
the
admin
administration
team
to
change
the
globs
on
that
side
there
there
must
be
some
communication
channel
between
the
agent
owner
and
the
project
owners.
C
B
No,
it's
not
it's,
not
a
it's
not
about.
In
my
case,
it's
not
about
security.
It's
just
about
not
making
agents.
Okay
or
not.
Making
agents
try
to
deploy
c,
plus
plus
files.
B
C
B
D
Was
this,
for
example,
an
email
notification
that
you
were
that
your
group
has?
Someone
has
requested
access,
that's
what
I
took
from
it.
I
think
either
way
if
that
is
the
case,
if
that
is
the
thing
the
feature
or
if
it's
not,
it's
probably
still,
you
know
step
two.
C
C
D
Maybe
not
it
was
probably
alerts
are
probably
a
bit
more
of
a
problem
or
a
requirement
when
things
get
auto
approved,
but
if
we're
not
doing
any
kind
of
auto
approval,
we
might
not
need
them
well
as
urgently.