|
|
|
|
|
|
by aetherspawn
148 days ago
|
|
|
The really annoying thing about Cloudflare is that Workers don’t belong to zones (i.e. editing any worker is an account level permission, either: Read only or Edit), and thus you can’t scope a particular user or API key access to a particular set of workers. This means you can’t physically set different permissions between prod and dev workers, which is a disaster waiting to happen. (You can’t just make a second Cloudflare account for Prod, because it won’t let you
bind single sign-on to two different accounts…) It also means any employee in the company can just open a dev branch, print out the dev deploy key (from the Pipeline), and use it to deploy to prod. It’s currently impossible to block or mitigate. |
|
|
Multi account support when you pay for enterprise.