Restrict workflow access outside the pipeline it's part of

I have a workflow which is invoked as part of a pipeline. The 1st step in the pipeline is “Approval” from appropriate user group and 2nd step is to run that workflow.

Now I want to make sure that no one could deploy the workflow outside the pipeline (i.e. without approval). Is it possible to restrict workflow access so that it can only be run as part of a pipeline and not without it (pipeline)?

Alternatively, is it possible to define a workflow in-line inside a pipeline? This would make it impossible to deploy it outside that pipeline, which is exactly what I need.

In the Access Management portion of Harness, there are some execution capabilities in the User Group section. Set the “Deployments” permission to “Execute Pipeline” and “Read”.

I would prefer to define workflow in-line inside a pipeline. Is it possible?

@Anuj_Doiphode in some way you will have to restrict the user from the ability to deploy out, since pipelines are made up of workflows, and therefore pipelines do not do any deployments.

You would not be able to define a workflow in-line inside of a pipeline because Harness uses a declarative file reference approach (each object is defined as a small config file and referenced in the workflow configuration) to configuration rather than an imperative mono-file (one large in-line file of hundreds of lines that cannot be referenced) approach.