4 months ago
My team has environments for production, staging, and 1 per engineer for development. This has been an awesome setup for us, especially with railway dev allowing the team to really utilize environment variables in Railway instead of passing around .env files.
That said, it does make me a bit worried that our less-senior engineers have full access to use/alter/delete services in our production environment via the Railway CLI. Even with good intent, it feels all too possible for someone to do some real damage.
Could it be possible to either:
a) Add some form of access control per environment?
b) At least set up a "protected" status for an environment that makes destructive action more difficult?
As an aside, I think Neon DB has a nice concept of "protected" db branches, which prevent accidental destructive action. Perhaps food for thought!
