• Documentation
    • Search documentation
    karat

    +

    K

    API Reference ↗
    Data connectivity & integrationPipeline BuilderPipeline outputsRemove Markings on outputs
    Feedback

    Remove Markings from outputs

    Access requirements for platform resources are controlled by Markings. Markings restrict access in an all-or-nothing fashion: to access a resource, a user must be a member of all Markings applied to the resource. In addition, Markings are inherited through file hierarchies and direct dependencies.

    If you have the Remove marking permission for a specific Marking, you can now remove that inherited Marking from outputs in Pipeline Builder. This is equivalent to the stop_propagation argument in Code Repositories.

    Removing a Marking on an output is equivalent to stopping the propagation of a Marking from an input.

    Prerequisites

    You must complete the following steps before you can remove Markings using Pipeline Builder.

    Enable branch protection

    1. In Pipeline Builder, select Settings, then Manage branches.

    The Settings and Manage branches options in Pipeline Builder.

    1. Select the Branch protection tab.

    The Manage branches branch protection pop-up menu in Pipeline Builder.

    Require code approvals

    1. From the Branch protection tab, check the boxes to Require proposals to update protected branches and Require approval before merging.
    2. Specify the desired approval policy. An example approval policy is shown below.

    An example approval policy in Pipeline Builder.

    Enable changes to security Markings in pipeline settings

    1. Navigate to the Security approvals tab and check the box next to Allow changes to security Markings in this pipeline. You must have the Owner role on the pipeline to complete this step.

    Security approvals tab in Pipeline Builder.

    Once you Allow changes to security Markings in this pipeline, you cannot disable branch protection or remove code approval requirements. You must disable Allow changes to security Markings in this pipeline to disable those features.

    Once you remove a Marking in a protected branch, you cannot disable the Allow changes to security Markings in this pipeline from the Security approvals tab. You must undo the removal of the Marking first to disable this setting.

    Remove Markings

    1. Create a branch off of the protected branch.

    2. Navigate to Pipeline outputs on the right side of your screen, and hover over the output with the Marking(s) you want to remove. Then, select Edit.

    The Pipeline outputs tab in Pipeline Builder.

    1. Select the Configure Markings dropdown menu under the output dataset.

    Configure Markings dropdown on Pipeline Builder output.

    1. Under the Inherited Markings section in the pop-up menu, select the red remove icon next to the Marking(s) you want to remove.

    A pop-up dialog for removing Markings on an output in Pipeline Builder.

    The removed Markings will now show up under the Markings removed section in the dialog.

    The removed Markings in the Markings removed section in the pop-up dialog.

    1. Select Apply. You should now see a shield icon in the upper left of your output board with a negative number signifying how many Markings you are removing.

    The remove Marking icon on an output in Pipeline Builder.

    The changes you applied to Markings on outputs will not go into effect until the branch is merged successfully and deployed on the protected branch. If you try building the dataset on your branch, it will still show the original Markings.

    Propose your changes

    1. For your changes to Markings on pipeline output to take effect, create a proposal to merge your changes into the protected branch. The proposal will include a section for approving Marking removals, a function similar to pipeline code approvals.

    You must have the Remove marking permission to approve the change. Approvers for proposals to remove Markings do not need to be pipeline owners and only require View access to the proposal.

    A proposal to remove a Marking from a pipeline output.

    Every removed Marking will require a separate check, meaning that you could have multiple checks in one proposal. When you approve a Marking removal, your approval will apply for every Marking that you have permission to review.

    Once all required approvals have been granted, the proposal is allowed to merge. Deploying that version will allowing the Marking removals to take effect.

    Undo a Marking removal from a pipeline output

    1. To undo the removal of a Marking, navigate to Pipeline outputs on the right side of your screen and hover over the output with the Marking(s) you removed.

    2. Select Edit.

    The Pipeline outputs tab in Pipeline Builder.

    1. Select the Configure Markings dropdown menu under the output dataset.

    Configure Markings dropdown menu on Pipeline Builder output.

    1. Select the undo icon under the Markings not propagated section in the pop-up dialog.

    The Marking removal pop-up dialog, with the option to undo a Marking that stopped propagating.

    1. Select Apply, then save your pipeline from the top right of your screen.

    The Save button for the pipeline, found in the top right of the screen.

    1. Propose your changes to begin approval checks.

    2. Once approved, deploy your pipeline.

    Elevated permissions are not required to undo the removal of a Marking, unlike the permissions required to remove a Marking.

    Markings and job groups

    In a job group, Markings from all inputs will be inherited by all outputs within the same job group. To view an example and learn more about job groups, review our documentation.

    Markings and multiple protected branches

    If there are marking removals on any branch, you must stop removing markings from all branches in the pipeline before protecting or unprotecting branches. When multiple branches are protected, marking removals will target all protected branches.

    When security approval settings are enabled, you will not be able to change branch protection settings, including protecting or unprotecting branches.