Hello,

Project ID: 37ea115e-fed3-43c8-af00-fb13803a351f

One of the primary reasons our team onboarded to railway was because of how easy it was to setup CI for the PR -> deploy isolated pr environment -> run integration tests flows. As we are scaling the team we are running into issues where we are only able to trigger these PR deployments if the PR author is also an Admin on the organization. Idk if this you consider this a bug or feature. We have tested for lowering the pr authors permissions on the organization from Admin -> Deployer and this does not trigger deployments from github PRs. Admin only.

So we are left in a situation where we have to trade off between keeping our environment and infrastructure locked down to a few engineering leads vs having isolated pr deployments for the entire team.

If our only solution is to build a GitHub Action that calls railway up with an admin key for all PRs this would be very unfortunate but we would at least like to know if this is the case.

As i see it, these are our options:

A. Give everyone in the organization Admin
- potentially isolate env vars via external service
(probably unacceptable access control policy)

B. Forego the automatic github bot PR environment spin up
- deploy pr envs via railway up in github actions
- keep the railway access to limited admins
(feels like we are rebuilding the same feature as the pr env deploy)

Main Questions:

• is the deployer role NOT deploying to pr env expected behavior?

• is there a way to lock down specific ENVs within a project to different access control?

• is this github action strategy what most people do here ( https://docs.railway.com/tutorials/github-pr-environment-actions )

Thanks in advance.